Recover
Organizations need a recovery plan that remediates the breach in a way that also resolves the vulnerability that led to the breach in the first place. Simply restoring the organization to its initial state could reproduce that vulnerability, leaving the organization exposed to a similarly executed breach in the future.
Develop and test an incident response plan

No matter what policies, processes or control mechanisms are in place, no organization can prevent a breach from occurring 100 percent of the time. Studies have shown that having an incident response plan can greatly reduce the cost of a breach, should one occur. In 2014 the Ponemon Research Institute released the Cost of Data Breach Study: United States, which showed that organizations with incident response plans can decrease the cost of a breach by about $17 per record. This can be significant, depending on the size of the breach. In addition, an incident response plan gives an organization a script for testing its responsiveness: by developing the plan and then simulating a breach event, the organization can exercise the plan and detect and correct any gaps. As with disaster recovery plans, it has been shown that organizations with incident response plans respond to breach incidents more effectively and minimize long-term impacts.
Develop a current risk profile and a target risk profile
To plot the path to a goal, it is important to know the starting position. The organization should create a current risk profile that details its risk across defined categories and subcategories. This can be done through an organizational assessment, which has the additional benefit of requiring that process documentation be reviewed and kept accurate.
Once the current risk profile is defined, the organization then creates the target profile, which represents the desired level of acceptable risk. In other words, since 100 percent of the risk cannot be mitigated, the organization must determine a comfort level for the risk it will accept.
With both the current and target risk profiles defined, the organization can then run a gap analysis, which highlights areas for focus and should include the development of mitigating controls for each gap.
With an evergreen infrastructure in place, the organization can then begin to monitor the ever-changing cybersecurity landscape, and it should have the flexibility to respond to that landscape and to expand its controls as needed.