5 Ways Ops Can Help Before, During, and After a Breach

I blogged about why Ops needs to be involved in cybersecurity decisions, and I blogged about how to remove the perceived barriers to doing so. But, what are the actual outcomes, or deliverables, that Ops’ participation should be driving? How should we be participating in risk mitigation through cybersecurity? Leaving aside the decisions around the technology solutions your organization will implement (for now), I put forward that Ops is an integral and distinct part of your Incident Response plan – before, during, and after a breach.

My peers have written about the steps to take after a hack with IT in mind – now it’s my turn. To include in your Incident Response plan, here are five specific activities that Operations teams are well-suited to owning and delivering in collaboration with technical stakeholders.

Assembly & Enablement of the IR Team (Logistics)

I have mentioned previously how IT people and Ops people think differently; specifically, that IT folks are often very thorough but not always very organized. As such, I posit that it’s an Ops person you want to actively assemble and organize your response team during an attack. What actually happens will depend on the time and place the attack occurs, determining whether your IR team is already in the office, or available. Unfortunately, you can’t control when at attack happens, and I’m told that hackers know to strike at choice moments when your in-house responders are unlikely to be available or even aware of the alerts, making their assembly at the right moment essential.

One of the things Ops can help with before a breach is working with IT to ensure responders are able to work remotely. Ops should also help determine which stakeholders are on the list, backups in their absence, and documenting and maintaining the best (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Jennifer Mitchell. Read the original post at:

Secure Guardrails