These five strategies will help you achieve a state of readiness in a landscape of unpredictable risk.

Jason Sachowski, Director, Security Forensics & Civil Investigations, Scotiabank Group

April 23, 2016


When responding to an incident, there is always extreme pressure to gather and process digital evidence before it is no longer available or has been modified. As illustrated in the KPMG 2015 Global CEO Outlook report, half of chief executive officers polled said their organizations are either not prepared or only partially prepared to deal with a major cyber-attack. One reason these executives gave for this lack of preparedness was that too much attention is being spent on preventing attacks, and not enough on protection and response actions.

Here are five examples of how to shift from a reactive to proactive cyber preparedness model through the process of Digital Forensic Readiness.

Maintain a business-centric focus

One of the most significant barriers to cyber preparedness success is a lack of communication. It’s important that all key stakeholders understand the business risks they are trying to manage from both business and technical perspectives. This includes the “value-add” of cyber preparedness as well as the ecosystem of complementary people, processes, and technology controls required to become proactive.

Don’t reinvent the wheel

Cyber preparedness does not need to be completely built from the ground up.  Methodologies such as Digital Forensic Readiness follow a systematic approach that supports proactive capabilities by leveraging industry best practices, references, methodologies, and techniques from credible and reliable sources (e.g. National Institute of Standards and Technology).  The investment in time, effort, and resources to achieve cyber preparedness should focus on what is required for a successful implementation and not on re-creating materials that are readily available for use.

Security intelligence goes beyond threats

The concept of security intelligence in this model will expand beyond traditional threat information collection.  It encompasses data generated by users, applications and infrastructure so that relevant business impacts can be assessed.  The most effective security intelligence programs take longer-term trends, risks, and business into account.

Keep tabs on external relationships

Where a decision is made to outsource a portion of business operations, organizations must always retain accountability.  With a risk-based methodology, ongoing management and monitoring of the third-party relationships should proactively identify risks and validate compliance with contractual agreements.

Understand costs and benefits

Decisions to skip, substitute, or not invest the amount of time, effort, and resources required for a successful implementation will most certainly result in a failed, incomplete, or misaligned implementation. It is extremely important that organizations fully understand not only the impact a cyber preparedness program will have on budgets but also the benefit that will be realized from:

  • Demonstrating incident management maturity

  • Improving the identification and mitigation of a wider range of threats

  • Increasing opportunities to detect and prevent attacks

  • Encouraging good working relationships with law enforcement and regulators

  • Reducing the need for discovering digital evidence

  • Strengthening information management strategies to produce digital evidence when or if needed.

This article was sourced in part from the book by Jason Sachowski, titled “Implementing Digital Forensic Readiness: From Reactive To Proactive Process,” available now at the Elsevier Store and other international retailers.


About the Author(s)

Jason Sachowski

Director, Security Forensics & Civil Investigations, Scotiabank Group

Jason is an Information Security professional with over 10 years of experience. He is currently the Director of Security Forensics & Civil Investigations within the Scotiabank group. Throughout his career at Scotiabank, he has been responsible for digital investigations, software development, security architecture, project controller, vendor procurement, and budget management. He holds credentials in CISSP-ISSAP, CSSLP, CCFP, SSCP, EnCE.

When not on the job, Jason volunteers his time as a contributing author for an executive writers bureau, as a subject matter expert for professional exam development, and as a speaker for CyberBullying and CyberSecurity awareness.

Jason is the author of the book titled "Implementing Digital Forensic Readiness: From Reactive To Proactive Process" available now at the Elsevier Store and other online retailers.
