CLICK ON ANY OF THESE IMAGES FOR A FREE STREAMING SUBSCRIPTION OF HYLAND, a digital lifestyle magazine featuring residential decoration, design, architecture, art, travel, fashion, cuisine, good works and reflections.
Issue link: http://digital.hylandmagazine.com/i/407857
HYLAND So it is prudent both to adopt thorough preventative measures and to assume that successful cyber-attacks are an unwelcome but unfortunately likely outcome. ere are already well-developed international standards for IT security incident management, but there is a need for an even more developed approach. Key elements to effective incident management should include understanding the nature of the cyber-risk, an effective cross-boundary incident management process and a program of regular exercises. Developing and maintaining a regularly updated national cybersecurity risk register is an important step towards understanding the risk, and hence achieving better cyber-security. Identifying and understanding risk greatly improves an organization's ability to take effective mitigating action; correspondingly, if the risk is not identified and understood there is almost no chance of successfully dealing with the threat. ere are a number of internationally accredited incident management techniques within the IT community, and these have much to recommend them. However, just as threats to cyber-security cross organizational boundaries, so too will an effective response require coordinated effort across organizational boundaries. In the event of a serious incident, decisions may have to be made and implemented across organizational boundaries in very short time frames. e response should be led by a leader with clear delegated authority from seniors; this leader should chair an Incident Management Team with representatives from the various organizations engaged in resolving the crisis, all of whom must be empowered to speak and make decisions on behalf of those organizations. If the response is to be effective and timely, the authority of the chairman of the Incident Management Team must be unambiguous. In the most serious situations, the delegated authority may need to come from the