Chapter 15


Incident response is the most visible function for a typical CISO. For good or for ill, it is the primary way CISOs are judged. Beyond the immediate impact of demonstrating the organization’s resilience to customers, management and employees, how an organization deals with incident response says a lot about its culture. Does the organization recognize the challenges and opportunities of doing business in the twenty-first century? Does management invest in and support the security hygiene and preparation it takes to protect long-term value delivery while competing in a digital world?

Bill starts by focusing the reader on the training and preparation that must be done, specifically triage training for the security team and situational training for the whole organization. Quickly recognizing and responding to incidents can be the difference between a minor disruption and a major breach. Communicating effectively during an incident is also critical to maintaining the confidence of the organization’s many stakeholders, and preparation is key to success here as well.

Matt reminds us of the ongoing yet still emerging convergence of information technology (IT) and operational technology (OT). The ability of errors in code or network misconfigurations to contribute to physical harm done to a person or group adds a new dynamic to data protection. In addition to increasing technical complexity, this convergence now forces a level of due care that is new to many industries. Just as interactions between the physical and digital worlds are exploding in scope, people are becoming more aware of the peril of being an open book to merchants and criminals, and they are demanding greater say over, and greater protection for, the use of their online identities.

Gary shows how organizations can demonstrate value in their incident response program by first understanding that the business must be the focus. Once the organization realizes that incident response is about staying in business, not playing spy-catcher and whack-a-hacker, investing in incident response becomes investing in the organization, its customers, and its people. He then walks us through building the incident response program and measuring its success.

Some of the questions the authors used to frame their thoughts for this chapter include:

· What is the business value of an Incident Response Program (IRP)?

· What are the processes to create an IRP?

· What are some methods to measure the effectiveness of an organization’s IRP, and why is it important to the CISO?



Copyright © 2016, 2018 CISO DRG JV – All Rights Reserved.