Автор: Holger Kaschner
Издательство: Springer
Год: 2021
Страниц: 230
Язык: английский
Формат: pdf (true), epub
Размер: 10.2 MB
Cyber attacks and IT outages threaten every organization. The incidents accumulate and often form the prelude to complex, existence-threatening crises. This book helps not only to manage them, but also to prepare for and prevent cyber crises. With its practical structure, it is ideally suited to day-to-day business for crisis team members, communicators, security, IT and data protection experts. With numerous illustrations and checklists.
A cyber crisis is therefore a crisis in which IT systems and the data processed on them play a central role. This involves the classic protection goals of information security: confidentiality, integrity, and availability of the data as well as authenticity of the communication participants and contents of the communication (technically as well as organizationally). We are therefore dealing with a cyber crisis whenever a breach of the protection goals (can) result in real dangers to the life and limb of people or to the strategic goals, reputation, or survivability of our organization.
Cybersecurity Incident Response (CSIR) is the process by which we can nip a cyber crisis in the bud and thus prevent it. Even if not, CSIR remains an essential part of the technical side of crisis management. To do this, we need clearly defined responsibilities, roles and tasks, as well as the best possible transparency about our systems, configurations and procedures. Always useful: information on where we can get help.
The most common types of incidents include:
- Scans (a typical means for attackers to gain information; happens so often that we should at least automate evidence gathering)
- Compromises (any unauthorized access to an IT system or the information it processes is a compromise; sometimes difficult to detect in practice)
- Malicious code (worms, trojans, viruses, cryptolockers etc. are reported directly by (end) users or automatically by an IDS or intercepted by an IPS)
- DoS attacks (denial of service attacks flood systems with requests, overwhelming it; result: service is unavailable; difficult to defend)
Contents:
Textbook cyber crises
First things first: the human factor in managing (cyber) crises
Cyber Crisis Response
Crisis Preparation
Cyber Crisis Prevention
Post Crisis Care
At a glance: Seven deadly sins of cyber crisis management
The Target Group:
Crisis management team members
Board members and managing directors of SMEs
Chief (Information) Security Officers (CSO, CISO)
CIO, IT managers
Data protection officers
Скачать Cyber Crisis Management: The Practical Handbook on Crisis Management and Crisis Communication