How Asian organisations can develop an effective incident response plan

"However, different types of organisation will require different levels of maturity in cybersecurity incident response," Singapore Institute of Technology’s Steven Wong told delegates at the Computerworld Singapore Security Summit.

By Nayela Deeba
May 31, 2017

Steven Wong, associate professor and program director, Singapore Institute of Technology, addressing the crowd at the Computerworld Singapore Security Summit 2017.

No organisation today is safe from cyberattacks. Hence, it is necessary for IT leaders to ensure that they have an incident response plan, asserted Steven Wong, associate professor and program director, Singapore Institute of Technology (SIT). He was speaking at the Computerworld Singapore Security Summit 2017.

In order to come up with the right incident response plan, organisations need to have a capable leader who does not only claim to be a cybersecurity specialist, but also proves it by mitigating cyberattacks when they take place. "Most basic attacks [such as those crafted by individual hackers] can be dealt with by many organisations. But more sophisticated cybersecurity attacks need to be addressed by properly qualified and experienced experts," explained Wong.

After hiring the right cybersecurity specialist, organisations need to come up with an incident response plan to tackle cybersecurity incidents, said Wong. According to the Council of Registered Ethical Security Testers' (CREST) Cyber Security Incident Response scheme (CSIR), there are three components to incident response plans:

Phase One: Preparing for cybersecurity incidents

  • Conduct a criticality assessment for your organisation
  • Carry out a cybersecurity threat analysis through scenarios
  • Consider the implications of people, process, technology and information
  • Create an appropriate control framework
  • Review your state of readiness in cybersecurity incident response

Phase Two: Responding to a cybersecurity incident

  • Identify the cybersecurity incident
  • Define objectives and investigate the situation
  • Take appropriate action
  • Recover systems, data and connectivity

Phase Three: Following up on a cybersecurity incident

  • Investigate the incident more thoroughly
  • Report the incident to relevant stakeholders
  • Carry out incident review
  • Communicate with people in your organisation about the incident
  • Update important information, controls and processes
  • Conduct a trend analysis

Besides this, Wong urged organisations to use CREST's Cyber Security Incident Response Maturity Assessment Tool to test the maturity of their incident response plan. 

"Different types of organisation will require different levels of maturity in cyber security incident response. Consequently, the level of maturity your organisation has in cybersecurity incident response should be reviewed in context and compared to your actual requirements. The maturity of your organisation can then be compared with other organisations to help determine if your level of maturity is appropriate," he concluded. 

