PRO+ Premium Content/Information Security
Access your Pro+ Content below.
CISOs, does your incident response plan cover all the bases?
This article is part of the Information Security issue of November 2019, Vol. 20, No. 4
Security incidents are a reality you face as a CISO. There's just no way around it. You say you're up for the task, but are you truly ready for things to go sideways? When the going gets rough (and it can get pretty darned rough in the middle of a big incident!), do you know what you're going to do -- your first step, your second step and so on? Will you know where to turn, who to call on and how to lead the charge? Incidents are complicated, but given the threats and vulnerabilities your business faces, they're not uncommon. How things shake out is up to you. I recall hearing Dr. Phil McGraw say something many years ago that really stuck with me in terms of security and incident response. It was about parents involving their children in adult issues. Dr. Phil said that you shouldn't pull your kids into grown-up conversations and situations associated with marriage, money, health and the like. Since children look up to their parents to see if all is well with the world, pulling them into complicated issues that they cannot solve...
Features in this issue
-
-
Enterprises feel the pain of cybersecurity staff shortages
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount.
News in this issue
-
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.
Columns in this issue
-
Report shows CISOs, IT unprepared for privacy regulations
Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.
-
CISOs, does your incident response plan cover all the bases?
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?