INRY Insights: Cloud, Digital Transformation, and ServiceNow

Security Incidents: Who is coordinating a response?

Written by Anu Bulusu | June 14, 2019

The National Institute of Standards and Technology (NIST), a part of the U.S. Department of Commerce, is responsible for developing information security standards and guidelines. In August 2012, it released a special publication, SP 800-61 Revision 2, “Computer Security Incident Handling Guide”, that is widely accepted as an authoritative document on incident handling, incident analysis, and incident response.

NIST 800-61 Revision 2, in its abstract, states, “Computer security incident response has become an important component of information technology (IT) programs. Because performing incident response effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources.”

With the number of cyber threats on the rise – not only in terms of the number of attacks but in terms of the impact and resulting disruption as well – even enterprises well-known for their information security standards have come under scrutiny. In recent years, data breaches have been reported at an increasingly worrying array of companies – Tesco Bank, Yahoo, Target, Anthem, Ashley Madison, eBay, JP Morgan Chase, Home Depot, Sony Pictures Entertainment, Global Payments Inc., Tricare, Citibank, Heartland Payment Systems, etc.

What’s happened to these organizations can happen to anyone. Truly determined cyber attackers can find a way through any number of intrusion detection and prevention applications that might be in place.

According to Ponemon Institute’s “2016 Cost Of Data Breach Study: Global Analysis”, there is a 26% likelihood of a company having one or more data breach occurrences in the next 24 months, with a material data breach defined as one involving 10,000 lost or stolen records. The same study found that the cost of a data breach is significantly higher if the breach takes longer than 30 days to contain.

Most organizations invest heavily in defense, which is appropriate. For obvious reasons, proactively preventing problems by effectively securing applications, firewalls, networks, systems, etc. is likely to be more cost effective than reacting to problems after they occur.

However, most security incidents do not follow a blueprint. These incidents can vary widely in nature and impact. Incidents can be caused by malicious third parties, but can just as likely result from system failures or human error, which makes it impossible to have 100% assurance that your prevention methods will succeed.