
A PROACTIVE GUIDE TO MANAGING INCIDENT RESPONSE

In the world of cybersecurity, incident response management is a critical component of protecting your organization's data. When an incident occurs, it is important to have a plan in place, tailored to your organization, so that you can respond quickly and effectively. That plan should cover identifying the incident, containing the damage, eradicating the threat, and recovering affected systems and data. It should also cover the development of policies and procedures, the creation of scenario-specific incident response plans, and the training of team members.

 

Make sure you have all the following in place to take a proactive approach to managing your organization’s incident response.

 

IT Risk Assessment

Conducting a thorough risk assessment helps you prioritize security issues, identify your most sensitive assets, and decide which kinds of security incidents the team should prepare for first. A plan that treats every asset the same will spend scarce responder time in the wrong place.
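One way to turn a risk assessment into an incident response priority list, shown here as an added example that is not code from the original page or from Rivial Data Security: score each asset quantitatively with annualized loss expectancy (ALE = single loss expectancy x annualized rate of occurrence), discount the rate by the effectiveness of controls whose evidence is actually in place, and rank assets by residual ALE. The asset register, dollar figures, occurrence rates and control-effectiveness values below are constructed for illustration, not taken from the page.

```python
"""Rank assets by residual annualized loss expectancy (ALE).

Added example, not code from the original page or from Rivial Data Security.
ALE = SLE x ARO is a common quantitative risk method; every asset, threat,
dollar figure, rate and control-effectiveness value here is constructed.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    threat: str
    sle: float                    # single loss expectancy, dollars per event
    aro: float                    # annualized rate of occurrence, events/year
    control_effectiveness: float  # fraction of ARO removed when the control is in place (0..1)


def ale(sle: float, aro: float) -> float:
    """Annualized loss expectancy for one threat scenario."""
    return sle * aro


def residual_ale(scenario: Scenario, control_in_place: bool) -> float:
    """ALE after crediting the control, but only if its evidence is current."""
    aro = scenario.aro
    if control_in_place:
        aro *= 1.0 - scenario.control_effectiveness
    return ale(scenario.sle, aro)


def asset_risk(asset: str, scenarios, control_status: dict) -> dict:
    """Inherent and residual ALE for one asset across all of its scenarios."""
    inherent = sum(ale(s.sle, s.aro) for s in scenarios)
    residual = sum(residual_ale(s, control_status.get(s.threat, False)) for s in scenarios)
    return {"asset": asset, "inherent": inherent, "residual": residual}


def prioritize(register: dict, control_status: dict) -> list:
    """Return assets ordered by residual ALE, highest first."""
    rows = [asset_risk(a, sc, control_status.get(a, {})) for a, sc in register.items()]
    return sorted(rows, key=lambda r: r["residual"], reverse=True)


def largest_gap(register: dict, control_status: dict) -> tuple:
    """Find the missing control that would remove the most annualized loss.

    Returns (asset, threat, dollars_removed). Useful for deciding which
    playbook or control to build next.
    """
    best = ("", "", 0.0)
    for asset, scenarios in register.items():
        for s in scenarios:
            if control_status.get(asset, {}).get(s.threat, False):
                continue  # already credited
            reduction = ale(s.sle, s.aro) * s.control_effectiveness
            if reduction > best[2]:
                best = (asset, s.threat, reduction)
    return best


# Constructed asset register (assumption: a small financial institution).
REGISTER = {
    "core-banking": [
        Scenario("ransomware", sle=2_000_000, aro=0.1, control_effectiveness=0.7),
        Scenario("insider-fraud", sle=250_000, aro=0.2, control_effectiveness=0.5),
    ],
    "email": [Scenario("phishing-bec", sle=80_000, aro=1.0, control_effectiveness=0.6)],
    "public-website": [Scenario("defacement", sle=20_000, aro=0.5, control_effectiveness=0.8)],
}

# Constructed control evidence status: True means evidence is current.
CONTROL_STATUS = {
    "core-banking": {"ransomware": True, "insider-fraud": False},
    "email": {"phishing-bec": False},
    "public-website": {"defacement": True},
}

if __name__ == "__main__":
    for row in prioritize(REGISTER, CONTROL_STATUS):
        print(f"{row['asset']:15} inherent ${row['inherent']:>12,.0f}  residual ${row['residual']:>12,.0f}")
    asset, threat, saved = largest_gap(REGISTER, CONTROL_STATUS)
    print(f"next control to fund: {asset}/{threat} (removes ${saved:,.0f}/yr)")
```

With the constructed numbers the core banking system still ranks first on residual risk even with its ransomware control credited, while the phishing control for email is the single missing control that buys the most reduction; those two facts are what the incident response team should read off the assessment when deciding which playbooks to write and exercise first.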

 

The Incident Response Team

No single CISO or vCISO can be your whole incident response team. Since it is not a matter of if but when, every cybersecurity program needs a well-thought-out contingent of responders. The team should be composed of individuals with the skills and knowledge to respond effectively, it needs access to the resources required to execute the plan, and each person should know exactly what their role and responsibilities are before an incident starts.

 

Establish Your Procedures

Next, establish the procedures that will be followed in the event of an incident. Prepare several plans ahead of time for likely scenarios such as malware, a denial of service attack, or a phishing attack. Each plan should cover identifying the incident and determining its scope, notifying the appropriate personnel, activating the incident response team, containing the breach, mitigating the damage, and preventing a recurrence. That last step usually means implementing new security controls and procedures. You should also create a communication plan so that all stakeholders are kept up to date on the latest developments.

[Figure: IR plan, 7 steps]

Practice, Practice, Practice

Your incident response plan on paper is only a theory, and theories must be tested. Exercise the plan with the team in both planned and unannounced drills. Use these exercises to uncover weak spots, such as a contact who never answers the escalation call or a backup that cannot actually be restored, and to make sure everyone is confident in their role.

 

While incident response management is a critical part of cybersecurity, it is only one piece of the puzzle. In order to truly protect your organization's data, you need to have a comprehensive security strategy that includes prevention, detection, and response. By taking a holistic approach to security, you can make sure that your organization is prepared for anything.

 

Rivial Platform

We would be remiss if we didn’t take this opportunity to share with you how easy it is to use the Rivial Platform to plan, practice, and respond to incidents across all elements of your security program. This is where you will build your incident response plan, populate the team(s), and store your policies, escalation path, detections, and systems. Build your general procedures with the detect, analyze, contain, eradicate, recover, and post-incident steps.

 

Risk and Response are seamlessly integrated in the Rivial Platform. From inside the Response module, it’s simple to add systems that live in the Risk module that you’d like to include in your IR plan. Without ever leaving the Response module, you can examine key risk indicators of each system to determine which systems should be added. You can then create specific steps in your playbooks that apply directly to that system. This risk-incident response integration provides a natural system of checks and balances for your risk assessment.

[Figure: Rivial Platform, incident response module]

You can also set up a specific scenario, such as ransomware, to respond to in the playbooks section. Then you can exercise your plan by creating your own exercises using injections and objectives, and observations and recommendations that will tie into audit findings, teams, and documents.

 

In the unfortunate event of an actual realized threat, use the Rivial Platform to respond. Select the playbook sections you want to use and check off each section.  When all sections are green, you have finished your incident response. You will also see any action items that came out of your incident response process and you can upload any pertinent documents.

[Figure: Rivial Platform, incident response playbook]

If you’d like to learn more about how to use the Rivial Platform for a holistic and proactive approach to incident response, join us for a demo.

WHAT IS THE DIFFERENCE BETWEEN SECURITY MANAGEMENT ORCHESTRATION™ (SMO) AND SECURITY ORCHESTRATION, AUTOMATION, AND RESPONSE (SOAR)?

What is Security Management Orchestration™?

Most people in cybersecurity are familiar with SOAR (Security Orchestration, Automation, and Response). SOAR refers to technologies that let an organization collect inputs monitored by the security operations team and automate the response workflow around them. SOAR is operations-based. But what about the management side?

 

Enter Security Management Orchestration™ or SMO™. What is SMO™? SMO™ is technology that allows organizations to manage cybersecurity in a holistic and integrated way. It is the management sister to SOAR.

 

What are the Benefits of Security Management Orchestration™?

There are a lot of moving pieces in any organization’s cybersecurity program. Let’s name just a few:

  • IT Risk Assessments

  • IT Audits

  • Vulnerability Assessments

  • Vendor Assessments

  • Pen Testing

  • Incident Response Training

  • Incident Response Playbooks

  • User Training

  • Social Engineering

 

I think you get the picture. So what does it look like after you accomplish all the tasks above?  Probably something like this:

[Image: a desk buried in paper]

Benefit 1: No more loose spreadsheets, documents, and folders of screenshots. A quality SMO tool gives you a digital hub for all your program's assets. That is the very least it should do; more on this in benefit 2.

 

Benefit 2: Everything is integrated, giving you a holistic view of your program. SMO tools and technology take all the functions of cybersecurity and let them work together. An IT audit and risk assessment printed out and tucked away in folders on the shelf can’t communicate with each other. They’re also just a snapshot in time. SMO™ tools bring these assets together and let them communicate. For example, you can see how just one piece of evidence affects both your compliance standing and your risk ratings. 

 

Benefit 3: Saves you time. Enormous amounts of time that you can reallocate to higher-value tasks. When you’re utilizing SMO™, you are deduplicating repetitive actions, allowing technology to automate traditionally manual tasks, and turning report generation into a one-click action.

 

Benefit 4: Increased cybersecurity. Using SMO™ tools and technology will mature your information security program. Not only do these tools bring your IT audit, risk assessment, and vendor assessment results to life, they put them front and center for continuous monitoring and assessment.

 

Security Management Orchestration™ Tools

As the industry’s pioneer of SMO™, Rivial Data Security developed software that allows our clients to easily and holistically manage their cybersecurity program in an extremely integrated fashion. It’s called the Rivial Platform.

 

The Rivial Platform is defining the SMO™ space. We are setting a standard for helping financial institutions manage program governance, IT risk, compliance, testing, vendor cybersecurity, and incident response. 

 

The key to effectively managing cybersecurity is understanding the ecosystem, how everything works together. That's why the Rivial Platform has modules that communicate with each other. 

 

We've debuted Compliance-Risk syncing technology to save Information Security Officers enormous amounts of time while simultaneously maturing their cybersecurity program.  This allows ISOs and others managing cybersecurity to stop using all their time on tedious duplicative work and instead refocus their energy on high-value tasks while the Rivial Platform does the work. 

 

The Rivial Platform is continuous. This is something examiners are looking for more and more. Specifically, our continuous IT audit and risk assessment services are performed right in the software. Not only does this elevate your IT security, it makes exam time much less stressful.

 

Reporting is a one-click action in the Rivial Platform. Not only can you easily access your audit report, risk assessment results, or vulnerability results quickly and easily, but also a custom Board of Directors report!

 

We don’t mean to brag (ok, maybe a little), but Rivial Data Security has set out to define Security Management Orchestration™ and the Rivial Platform is what it looks like. And to be honest, what we’ve described here is just the tip of the iceberg!

 

We want to help your organization institute Security Management Orchestration™, increase your cybersecurity, and save time while doing it. Register for a weekly occurring Rivial Platform demo or schedule your own one-on-one.

WHAT IS SECURITY MANAGEMENT ORCHESTRATION™?

 

Security Management Orchestration

Security Management Orchestration™, or SMO™, is technology that allows organizations to manage cybersecurity in a holistic and integrated way. SMO tools help create the behaviors that continuously improve security and include:

  • Comprehensive security management functions in one tool

  • Reduced effort, de-duplication

  • Integrated security program modules

  • Real-time updates

 

Rivial Data Security coined the term after identifying a gap on the management side of cybersecurity. Though cybersecurity operations technology exists to make execution more seamless, nothing existed to holistically MANAGE cybersecurity.

To fill the void, Rivial Data Security developed software that allows financial institutions to ditch the mess of printed documents, spreadsheets, screenshots, and reports and manage it all in the Rivial Platform, the industry's first SMO™ tool.

Though there have been previous software attempts to help institutions manage their cybersecurity, those solutions have not provided the holistic integrations that bond all aspects of a cybersecurity program together the way the Rivial Platform does. Previous solutions tend to be either overly complicated and nearly impossible to use, or so basic that they boil down to a repository for spreadsheets.

 

The Industry’s Premier SMO Tool

A true SMO™ strategy will always take into account all functions of your IT security program and how they affect each other. The Rivial Platform is defining the SMO™ space with its ability for each module to communicate with each other. It’s a true reflection of cybersecurity in the real world. Are your IT audits, risk assessment, and vulnerability assessments not all tied together in various ways?  By making a change in one of these areas, does it not cause a ripple effect?  The Rivial Platform captures these nuances and gives users an easy-to-follow roadmap of their entire security program.

The Rivial Platform has set the standard for helping financial institutions manage program governance, IT risk, compliance, testing, vendor cybersecurity, and incident response. It contains many time-saving features such as Compliance-Risk syncing technology, the ability to upload just one piece of evidence that maps to both the Compliance and Risk modules. A change to this evidence will ripple through all connected modules. You will be able to see the effects of that evidence being in place or not and also how that change affects your risk ratings in the form of dollars. This allows ISOs and others managing cybersecurity to stop using precious time on tedious duplicative work and instead refocus their energy on high-value tasks while the Rivial Platform does the work.

 

The Rivial Platform is true Security Management Orchestration. We want to help your organization institute SMO™, increase your cybersecurity, and save time while doing it. Register for a weekly occurring Rivial Platform demo or schedule your own one-on-one.

WHAT IS ZERO TRUST AND DO I NEED TO USE IT?

The term “zero trust” is becoming increasingly common in cybersecurity circles. But what is zero trust, and why is it important? In this blog post, we’ll explore the concept of zero trust and its implications for cybersecurity professionals.

Zero trust is a security model that assumes no user, device, or application is trusted by default and that each must be verified before being given access to sensitive data or services. This contrasts with the traditional perimeter model, which extends implicit trust to anything already inside the network (often summarized as "trust but verify") and treats it as trustworthy unless there is evidence to the contrary.

Zero trust is not a product you can purchase and implement, nor is it a single approach or technique to adopt. It is a framework of concepts and ideas, and for frameworks we look to NIST. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207 gives the following operative definition of zero trust and zero trust architecture (ZTA):

Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised. ZTA is an enterprise’s cybersecurity plan that uses zero trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a zero trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a ZTA plan.

NIST SP 800-207 is the product of a collaboration between several federal agencies and is overseen by the Federal Chief Information Officer Council. It is meant to educate and to provide a road map for migrating to and executing zero trust security concepts.

There are several reasons why the zero trust model is gaining popularity. First, it is a more realistic approach to security in a world where data breaches and ransomware attacks continue to rise, because it assumes the network is already compromised. Second, it helps ensure that only authorized users, on acceptable devices, reach sensitive data. Third, evaluating every request on its own merits makes it harder for an attacker who has one foothold to move laterally to other systems and data. With today's rise in remote work and traditional network defenses no longer sufficient on their own, organizations need to upgrade their network cybersecurity accordingly.
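The "least privilege per-request access decisions" in the NIST definition above are easiest to see in code. The following is an added example, not code from the original page or from Rivial Data Security, of a small deny-by-default policy decision point: every request is evaluated on identity (role), authentication strength, device posture, session age and resource sensitivity, and network location alone never grants access. The signal names, the role directory, the resources and the thresholds are assumptions constructed for illustration.

```python
"""Deny-by-default, per-request access decisions in the spirit of NIST SP 800-207.

Added example, not code from the original page or from Rivial Data Security.
All signal names, roles, resources and thresholds are assumptions.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    action: str
    mfa_verified: bool      # strong authentication completed for this session
    device_managed: bool    # device is enrolled and can attest its posture
    device_compliant: bool  # posture check passed (only meaningful if managed)
    session_age_min: int    # minutes since last authentication
    src_network: str        # "corp", "vpn" or "internet" (constructed labels)


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str        # "low", "medium" or "high"
    allowed_roles: frozenset


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


# Constructed role directory and resource inventory.
ROLES = {
    "alice": frozenset({"finance"}),
    "bob": frozenset({"engineering"}),
}
RESOURCES = {
    "payroll-db": Resource("payroll-db", "high", frozenset({"finance"})),
    "wiki": Resource("wiki", "low", frozenset({"finance", "engineering"})),
}

# Assumed policy: re-authentication window shrinks as sensitivity rises.
MAX_SESSION_AGE_MIN = {"low": 24 * 60, "medium": 8 * 60, "high": 60}


def evaluate(req: Request, roles=ROLES, resources=RESOURCES) -> Decision:
    """Evaluate one request. Access is granted only if no check fails.

    Note what is deliberately absent: there is no branch that allows a
    request because req.src_network == "corp". Location is just a signal
    that could tighten policy, never one that relaxes it.
    """
    reasons = []
    res = resources.get(req.resource)
    if res is None:
        return Decision(False, ["unknown resource"])  # fail closed

    if not (roles.get(req.subject, frozenset()) & res.allowed_roles):
        reasons.append("role not authorized for resource")
    if not req.mfa_verified:
        reasons.append("mfa required")
    if res.sensitivity != "low" and not req.device_managed:
        reasons.append("managed device required for this sensitivity")
    if req.device_managed and not req.device_compliant:
        reasons.append("device out of compliance")
    if req.session_age_min > MAX_SESSION_AGE_MIN[res.sensitivity]:
        reasons.append("reauthentication required: session too old")

    return Decision(allow=not reasons, reasons=reasons or ["all checks passed"])


def decide(req: Request) -> bool:
    """Convenience wrapper returning only the boolean verdict."""
    return evaluate(req).allow


if __name__ == "__main__":
    samples = [
        Request("alice", "payroll-db", "read", True, True, True, 10, "internet"),
        Request("alice", "payroll-db", "read", False, True, True, 10, "corp"),
        Request("bob", "payroll-db", "read", True, True, True, 10, "corp"),
        Request("bob", "wiki", "read", True, False, False, 100, "internet"),
    ]
    for r in samples:
        d = evaluate(r)
        print(f"{r.subject:6} -> {r.resource:10} {'ALLOW' if d.allow else 'DENY '} {d.reasons}")
```

The second sample is the one that distinguishes zero trust from the perimeter model: a finance user on the corporate network without MFA is denied access to the high-sensitivity database, while the first sample, the same user on the open internet with MFA and a compliant managed device, is allowed. In a real deployment the signals would come from the identity provider, the device management platform and the session store, and the decision would be re-evaluated on each request rather than cached for the life of a network connection.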

There are some challenges associated with the zero trust model. Most legacy systems are built around implicit trust, which directly conflicts with zero trust architecture, and the existing infrastructure around them must either be rebuilt or replaced. Additionally, as of this writing there is no formally adopted maturity model for zero trust architecture. While proposals for maturity models have been put forth, current initiatives for kickstarting zero trust adoption often focus on the network layer and do not present a holistic approach to the transition.

The Cybersecurity and Infrastructure Security Agency (CISA) was aiming to release its Zero Trust Maturity Model 2.0 this summer, according to Eric Goldstein, CISA's executive assistant director for cybersecurity, but we have yet to see the updated document. The original draft, which was open to public comment, included five pillars and three cross-cutting capabilities and received hundreds of comments. Rivial Data Security will be watching for the newest release of this document so we can share CISA's best practices for implementing zero trust in your organization.

If developing and executing a zero trust road map is on your radar, utilizing the Rivial Platform to guide you to your zero trust architecture will be the easiest path to reach your goal. By dropping in NIST SP 800-207 into the Rivial Platform, you'll easily be able to track your organization's progress to meet your zero trust goals. Sign up for a demo of the Rivial Platform to get started.

THE SOLUTION TO THE CYBERSECURITY SKILLS SHORTAGE: AUTOMATION

“Together, the Cybersecurity Workforce Estimate and Cybersecurity Workforce Gap suggest the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.”   

- (ISC)2 CYBERSECURITY WORKFORCE STUDY, 2021


 

The good news is that in 2021 more than 700,000 people joined the ranks of cybersecurity professionals worldwide. That’s a decrease in the workforce gap from 3.12 million down to 2.72 million. The not so good news is that even with this influx, demand continues to outpace the supply of talent. According to (ISC)2‘s Cybersecurity Workforce study, globally, we still need to grow the cybersecurity workforce by 65% to mount the proper defense against today’s threats.

 

Typically, we are used to threats such as malware, ransomware, phishing, and spam, but now we also have to examine the threat of not having enough people. Sixty percent of study participants reported that a cybersecurity staffing shortage is placing their organization at risk.

 

One way organizations are mitigating against the staffing shortage risk is investing in technology. When study participants were asked about what tech they will be investing in over the next year 38% anticipate an increased use of cloud service providers, 37% anticipate increased use of intelligence and automation for manual cybersecurity tasks, and 37% anticipate applying intelligence and automation to existing processes.

 

Most cybersecurity departments are looking to expand with full-time employees because so much of the industry’s outdated approach is very manual. These traditional approaches to IT security have a hard time keeping pace with today’s threat landscape. As we can see from the study results, cybersecurity professionals are looking for ways automation can help them.

 

Not only is automation a solution for the talent shortage, it also increases the efficiency and effectiveness of your cybersecurity program. Repetitive manual tasks are where errors and missed steps creep in, and automating them removes that class of mistakes while freeing your team to focus on high-value work instead of the mundane. The caveat is that an automation encodes whatever logic it is given, so a misconfigured automation repeats the same mistake at scale; treat automated workflows as controls that need their own review and testing. When using automation to its fullest, you will have a smaller effective workforce gap than those still trying to accomplish everything manually.

 

Data security management automation is still pretty new to the industry. Although most professionals have a wishlist of what they would like to automate, most don’t know that there is software out there today that can actually do it.

 

Let’s look at some of the things you can automate in your cybersecurity program.

  1. Compliance - Risk Assessment syncing of evidence

  2. Report generation

  3. Evidence status notifications

  4. Tracking findings in a central location and status auto-updated

  5. Quantitative, financial risk scores are auto-calculated

  6. Risk measures auto-updated when environmental changes occur

  7. Compliance scores auto-updated when evidence is uploaded

  8. Risk and compliance auto-updated when KPIs change

  9. Data from external cybersecurity tools are auto-imported

  10. Vulnerability scan results auto-associated with information systems

  11. IR planning auto-associated with risk assessment

 

Now that we know what we can and should be automating, the question is how? The answer is using Security Management Orchestration (SMO)™.  SMO is technology that allows organizations to manage cybersecurity in a holistic and integrated way. SMO focuses on the following in order to create behaviors that continuously improve security.

  • Focus on jobs to be done, not controls

  • De-duplication of effort

  • Single pane of glass/greater efficiency

  • Real-time updates

  • Automation

  • Integrated modules

 

Right now, there is only one SMO solution available to achieve this level of automation, the Rivial Platform.

 

One of the most valuable benefits of using Security Management Orchestration in your organization is the freeing up of time and resources. When you can leverage software to carry out the grunt work and automate tasks that save you hours each week, you’re left with time that can be reallocated to high-priority items. Yes, it’s true that the Rivial Platform doesn’t eliminate the need for all humans from your program (not yet anyhow, wink wink), but it absolutely streamlines cybersecurity management in a way that accomplishes more with less. 

 

New and modern approaches to managing cybersecurity are the only way we will be able to keep up with and get ahead of threats. Utilizing automation is a cost-effective way to work around today's cybersecurity skills shortage, and it results in a more mature cybersecurity program.

 

If you want to learn more about Rivial Data Security’s Rivial Platform, join us for a demo webinar held every Wednesday. Register here.
