By Nayela Deeba
May 31, 2017
Steven Wong, associate professor and program director, Singapore Institute of Technology, addressing the crowd at the Computerworld Singapore Security Summit 2017.
No organisation today is safe from cyberattacks. Hence, it is necessary for IT leaders to ensure that they have an incident response plan, asserted Steven Wong, associate professor and program director, Singapore Institute of Technology (SIT). He was speaking at the Computerworld Singapore Security Summit 2017.
In order to come up with the right incident response plan, organisations need to have a capable leader who does not only claim to be a cybersecurity specialist, but also proves it by mitigating cyberattacks when they take place. "Most basic attacks [such as those crafted by individual hackers] can be dealt by many organisations. But more sophisticated cybersecurity attacks need to be addressed by properly qualified and experienced experts," explained Wong.
After hiring the right cybersecurity specialist, organisations need to come up with an incident response plan to tackle cybersecurity incidents, said Wong. According to the Council of Registered Ethical Security Testers' (CREST) Cyber Security Incident Response scheme (CSIR), there are three components to incident response plans:
Phase One: Preparing for cybersecurity incidents
- Conduct a criticality assessment for your organisation
- Carry out a cybersecurity threat analysis through scenarios
- Consider the implications of people, process, technology and information
- Create an appropriate control framework
- Review your state of readiness in cybersecurity incidence response
Phase Two: Responding to cybersecurity incident
- Identify cybersecurity incident
- Define objectives and investigative situation
- Take appropriate action
- Recover systems, data and connectivity
Phase Three: Following up on cybersecurity incident
- Investigate the incident more thoroughly
- Report the incident to relevant stakeholders
- Carry out incident review
- Communicate with people in your organisation about the incident
- Update important information, controls and processes
- Conduct a trend analysis
Besides this, Wong urged organisations to use CREST's Cyber Security Incident Response Maturity Assessment Tool to test the maturity of their incident response plan.
"Different types of organisation will require different levels of maturity in cyber security incident response. Consequently, the level of maturity your organisation has in cybersecurity incident response should be reviewed in context and compared to your actual requirements. The maturity of your organisation can then be compared with other organisations to help determine if your level of maturity is appropriate," he concluded.
Other stories from the Computerworld Security Summit Series 2017:
- [Singapore] GlaxoSmithKline's Winston Chew: What is Singapore doing to step up its cybersecurity game plan?
- [Singapore] UBS' Christian Karam: How has ransomware evolved over the years?
- [Singapore] GovTech's Chai Chin Loon: Adopt security-by-design mindset to combat new cybersecurity threats
- [Singapore] Defending against the new wave of cybersecurity threats
- [Singapore] Singapore Fintech Association's Chia Hock Lai: Why should security professionals pay attention to the rise of fintech?
- [Singapore] How Asian organisations can avoid becoming WannaCry’s next prey
- [Malaysia] Combatting cyberattacks with a strategic mindset
- [Philippines] DICT's Allan Cabanlong shares Philippines' cybersecurity game plan
- [Philippines] Jollibee's Frank Vibar: Why Digital Risk Officers are necessary for digital transformation
- [Philippines] Asian Development Bank's Alain Duminy: Taking a bi-modal approach to IT governance
- [Philippines] How IT leaders can get everyone involved in cybersecurity