Preparing for and responding to cyber security incidents
In cyber security, prevention is better than a cure. However, in the ACSC’s experience providing incident response, relatively few organisations sufficiently planned or prepared for a significant cyber security incident. The effective management of an incident can greatly decrease the severity, scope, amount of damage and therefore cost of a cyber security incident.
Planning and Preparation
• Have monitoring in place to assess your environment for cyber security threats.
• Have processes in place to detect when an incident may have occurred.
• Assign primary responsibility for incident response in your organisation.
• Have an up-to-date and regularly tested incident response plan and business continuity plan.
• Have up-to-date documentation such as System Security Plans and Standard Operating Procedures.
• Maintain a current security risk management plan for information security systems.
• Know if agreements with contracted IT service providers have arrangements in place for incident response, and understand what type of support you can expect.
• Identify your critical systems.
• Identify key stakeholders including communications and legal.
• Know how easily and quickly you can access resources key to mitigating an incident (for example, system managers, technical experts, Internet Service Provider, system logs and physical system infrastructure).
• Have an up-to-date after-hours contact list for key personnel and external stakeholders.
• Have the ability to identify and isolate an affected workstation or server.
• Understand your legislative requirements and obligations for incident reporting.
• Have procedures in place to provide information and reporting to relevant parties during an incident.
• Be familiar with the Cyber Security Incident Reporting process to the ACSC (available on the ACSC’s website). Early reporting of significant cyber security incidents to the ACSC will enable the triage, mitigation and containment of the threat, if required. Reporting cyber security incidents also assists the ACSC in developing an understanding of the threat picture for Australian information system networks, and subsequently, enables the delivery of comprehensive cyber security advice relevant to such networks.
The complete report (Cyber Threat Report by the Australian Cyber Security Centre (ACSC)) can be found at: ACSC 2016 - Threat Report