Cyber is the latest buzzword in the media. There are many examples of the horrors of cyber attacks. There are also many
types of IT security incident that could easily be classified as a Cyber Security Incident.
Serious Organised Crime
Extremist Groups (including Anonymous)
The main difference between cyber incidents and regular incidents appears to lie in the source of the attack (a minor criminal compared to a
major organisation or syndicate), not in the type of incident, e.g. hack, malware or social engineering.
Organisations are seldom adequately prepared for a serious cyber incident. They often lack budget, resources, technology or recognition of
the type and magnitude of the problem. In addition, they do not have software, testing, process, technology or people to handle
sophisticated threats such as Advanced Persistent Threats (APTs).
Preparing for a Cyber Incident
Research revealed that few organisations are prepared in terms of:
People (Incident Response Team, technical experts, fast decision-makers)
Process (knowing what to do and when to do it)
Technology (knowing their own network, providing the right forensic evidence, e.g. logs)
Information (having information close to hand about business operations and policies, critical assets, dependencies etc.)
Responding to a Cyber Incident
Phase 1 - Prepare
Conduct a criticality assessment
Carry out a cyber security threat analysis
Consider the implications of people, process, technology, & information