Sony, Target, Equifax, Facebook, Kaspersky, Iran Nuclear Plant , do these names ring a bell?
You might noticed them from the newspaper headlines (or a blog post somewhere like dark-reading, theregister). What they have in common is that there are big organisations, and all have been breached at one point in their business lifetime. The question is not whether you are going to get breached, it is matter of when? and the question to ask yourself, is do you have enough resilient controls to make your business sustain these attacks and continue serve your customers or the public?
If the reality hasn’t sunk in yet, I think it is the right time to review your Incident Response Plans and your infrastructure and processes resilience (and dont forget your PEOPLE, their resilience matters the most).
In preparation to build the resilience needed to respond to attack, it is better to start at the grassroots level with the following questions:
- Why most organisations are not prepared to respond to security attacks?
- What is the reasonable resilience look like from three dimensional of Technology, People and process (TPP)
On the next post, I will expand these two questions, for now let’s leave it here
Like this:
Like Loading...
Author: kinyoka
A certified Information Security professional, with demonstrated experience spanned more than 10 years in financial, banking, consulting, and payment card industries in managing Information Security System Management ISMS.
A post graduate degree holder in Information Security Management (M.Sc); Certified Information Security Manager (CISM), Payment Card Industry Qualified Security Assessor (PCI QSA), SABSA Chartered Security Architect (SCF), ISO 27001 Lead Auditor, CREST Registered Technical Security Architect (TSA), CREST Registered Penetration Tester (CRT), and a member of ISACA.
Demonstrated to be reliable, trustworthy, and meticulous person; working in a controls-focused environment, multinational, and multicultural organisation over the years and gained a good understanding of what is required of the Information Security professional. .
Specialties:
ISMS based on ISO/IEC 27001/2
Payment Card Industry (PCI) DSS - QSA led services - PCI Scoping, Gap Analysis and Formal Assessment (RoC)
IT Governance, Risk and Compliance (GRC) Management
Cyber Security
Penetration Testing
Enterprise Security Architecture
Technical Security Architecture
View all posts by kinyoka