What should your cyber-response program include?

HiringSo you’ve taken the first step in building your cyber-response program by securing the support of the C-suite. What’s your next step?

Now it’s time to define the scope of your program and take an inventory of all your assets; this will include all customer-facing systems and all internal resources.

If you’re lucky, a lot of the work has already been done as part of your information security and business continuity programs. If not, you want to inventory of all your people, process, technology and data. If your inventory is already completed, review it with a focus on scope and assets as they relate to cybersecurity incident response.

Take a lifecycle view of your business processes by thinking through the beginning, the middle and end of each process. For example, a human-resources lifecycle business process includes recruiting, hiring, training, performance reviews, job transfers, promotions, and ultimately, termination of employees. Each step will include assets in each category.

In the people category, be sure to include not only internal resources, but also third-party resources such as part-time and temporary workers as well as contractors.

Business processes occur throughout your organization, and most will have documentation to support it—don’t forget to include this in your inventory.

Another example is the system development lifecycle for your hardware and software. Inventories must include details from operating systems to versions and service-pack levels. The same should be documented for any database management systems, Web services and applications that manage hardware. Be sure to include all services running on systems, open and explicitly closed ports, wireless systems, phone and fax systems, security cameras, door-access systems, and point-of-sale systems. Also include all mobile apps on all devices (like the point-of-sale device that may also be your phone). Don’t forget the huge amount of open-source software that is part of modern business.

Each and every one of the above has data, and a comprehensive plan will have awareness of each data element in each area. Remember: data is the primary target for cyber criminals—you need to know what you have and where it lives to protect it.