Cyber security must become more playbook-driven to reduce the time to respond to threats. Priority should be given to leveraging and adapting generic playbooks.
The model to aspire to is the airline industry model of physical security operations which is highly orchestrated and automated, as well as reviewed and rehearsed.
User organizations need to commit to defining, documenting and maintaining their security playbooks. Without that, there can be no effective security automation.
Automating basic Defensive playbooks is a lot easier than automating Incident Response (IR) playbooks.
More standardized security operations enable playbooks to run to completion faster.
Most enterprises can’t manage security playbooks very well. Providers of managed security services should prioritize investing in managed playbook services.
Author: Cyber Threat Alliance
Systemic Cybersecurity Risk and role of the Global Community: Managing the Unmanageable
Cyberattacks are frequently becoming ‘cyber events’ with systemic impact. How can governments and businesses respond?
Preparing for New Incident Reporting Requirements
Mandatory cyber incident reporting is being extended to many more organizations. Those already subject to these regulations face new, more stringent, requirements. Engaging proactively with government agencies and your own incident response and legal partners will make mandatory incident reporting as frictionless as [...]
An Update on the State of the SEC’s Approach to Cyber Risk
This update follows the March 2021 State of Cyber-Risk Disclosures of Public Companies. Recent cyber-related comments and enforcement actions by the U.S. Securities and Exchange Commission made clear that the SEC has escalated its scrutiny of the cybersecurity disclosures of [...]