Complying with the latter
The objective of this guide is to raise awareness within companies of all sizes about the importance of planning the management of cyber security inci-dents ahead of time.
Cyber security incident management is not a linear process; it’s a cycle that consists of preparation, detection, incident containment, mitigation and recovery. The final phase consists of drawing lessons from the incident in order to improve the process and prepare for future incidents. During this cycle, communication with both internal and external stakeholders is of critical importance.
Many organisations may not have the necessary in-house expertise and skills to respond adequately to a cyber security incident. When they are facing an incident, they may need to call upon experts to contain the incident and/or to carry out forensic investigations. This does not mean that they cannot do anything themselves. On the contrary, there are a lot of things that can and should be done before an actual incident occurs.
Drawing up an organisation’s cyber security incident response plan is an important first step in cyber security incident management. It is also crucial that top management validates this plan and is involved in every step of the cyber security incident management cycle.
