When responding to an incident, there is always extreme pressure to gather and process digital evidence before it is no longer available or has been modified. As illustrated in the KPMG 2015 Global CEO Outlook report, half of chief executive officers polled said their organizations are either not prepared or only partially prepared to deal with a major cyber-attack. One reason these executives gave for this lack of preparedness was that too much attention is being paid to preventing attacks, and not enough to protection and response actions.
Here are five examples of how to shift from a reactive to a proactive cyber preparedness model through the process of Digital Forensic Readiness.
Maintain a business-centric focus
One of the most significant barriers to cyber preparedness success is a lack of communication. It’s important that all key stakeholders understand the business risks they are trying to manage from both business and technical perspectives. This includes the “value-add” of cyber preparedness as well as the ecosystem of complementary people, processes, and technology controls required to become proactive.
Don’t reinvent the wheel
Cyber preparedness does not need to be completely built from the ground up. Methodologies such as Digital Forensic Readiness follow a systematic approach that supports proactive capabilities by leveraging industry best practices, references, methodologies, and techniques from credible and reliable sources (e.g. National Institute of Standards and Technology). The investment in time, effort, and resources to achieve cyber preparedness should focus on what is required for a successful implementation and not on re-creating materials that are readily available for use.
Security intelligence goes beyond threats
The concept of security intelligence in this model will expand beyond traditional threat information collection. It encompasses data generated by users, applications and infrastructure so that relevant business impacts can be assessed. The most effective security intelligence programs take longer-term trends, risks, and business into account.
Keep tabs on external relationships
Where a decision is made to outsource a portion of business operations, organizations must always retain accountability. With a risk-based methodology, ongoing management and monitoring of the third-party relationships should proactively identify risks and validate compliance with contractual agreements.
Understand costs and benefits
Decisions to skip, substitute, or not invest the amount of time, effort, and resources required for a successful implementation will most certainly result in a failed, incomplete, or misaligned implementation. It is extremely important that organizations fully understand not only the impact a cyber preparedness program will have on budgets but also the benefit that will be realized from:
- Demonstrating incident management maturity
- Improving the identification and mitigation of a wider range of threats
- Increasing opportunities to detect and prevent attacks
- Encouraging good working relationships with law enforcement and regulators
- Reducing the need for discovering digital evidence
- Strengthening information management strategies to produce digital evidence when or if needed
This article was sourced in part from the book by Jason Sachowski, titled “Implementing Digital Forensic Readiness: From Reactive To Proactive Process,” available now at the Elsevier Store and other international retailers.