Elements of a Cyber Security Incident Response Program
A Cyber Security Incident Response Program (CSIRP) or a Cyber Security Incident Response Team (CSIRT) that anticipates and neutralizes a cyber-incident is a critical need for organizations, because an Internet or network security breach results in loss of valuable data, as well as several resources and the organization’s reputation and could potentially invite lawsuits.
While putting a CSIRP in place; the management has to take into consideration the fact that Information Security, Governance & Risk, are all critical aspects of planning and execution of the Information Security Plan. It has to decide who in the organization has the key responsibility towards developing an information security governance program. It has to also review existing Information Security policies and standards to gauge their sufficiency vis-à-vis industry best practices, and update them as needed, while meeting the requirements set out by compliance regulations.
A webinar to help understand CSIRP
The effective ways of doing this will be the focus of a webinar that is being organized by Compliance4All, a highly popular provider of professional trainings for all areas of regulatory compliance. Dr. (Ms.) Michael Redmond, CEO and Lead Consultant for Redmond Worldwide, who served as an Adjunct Professor for Continuity Management at New York University and the Master’s program at John Jay College, will be the speaker at this webinar. More details of this course can be had from http://www.compliance4all.com/control/w_product/~product_id=500961LIVE/
Scope of the training session
Ms. Redmond will teach participants of this webinar the ways by which their organizations can put a CSIRP in place. She will help them establish Key Performance Indicators (KPI) to determine if their CSIRP meets business objectives and operational metrics for effecting process improvement. She will also show participating organizations the ways of tailoring and enhancing their existing CSIRP and requirements for specific audiences based on the sensitivity of the information for which they are granted based on policies.
Other important learning outcomes offered at this session include how to strengthen IT Risk Management, which involves integrating information security risk management with Enterprise Risk Management and requires using common business terminology, congruent methods, and common or linked risk register, and establishing mechanisms for risk acceptance. Ms. Redmond will also explain to participants how they can build an IS regulation review process, schedule regulation requirements and put in place a set of procedures that help to deal with a breach, malware and related issues.