Financial Crime World

Cyber Incident Response & Recovery: A Standard of Sound Practice

In today’s digitally connected world, cybersecurity has become a top priority for organizations seeking to mitigate the risk of cyber attacks and ensure business continuity. The Cyber Incident Response & Recovery (CIRR) Function is a crucial component in managing cyber risks, ensuring that organizations are prepared to respond effectively to cyber incidents.

Establishing an Incident Coordinator

A designated incident coordinator or team plays a vital role in coordinating actions and communications during a cyber incident. This helps minimize the potential for conflicting orders or information from different stakeholders, improving the flow of information and aiding response and recovery efforts.

Executive Sponsorship

Management’s commitment to cybersecurity is essential in creating an organizational environment where staff are encouraged to report or escalate cyber incidents. An executive sponsor demonstrates this commitment by actively supporting cybersecurity initiatives and promoting a culture of openness and transparency.

Portfolio/Programme/Project Management Office (PMO) Responsibilities

The PMO should provide centralized, coordinated management and support for technology-related projects and change management initiatives in the organization. This includes:

  • Leveraging strategic partnerships
  • Developing and managing procedures, policies, templates, and documentation shared by projects
  • Auditing projects to ensure compliance with set standards

Cybersecurity Focus Areas

Programmes and projects supporting the cybersecurity strategy should address focus areas such as:

  • Critical infrastructure security
  • Network security
  • Application security
  • Storage security
  • Cloud security
  • Information security
  • Cybersecurity awareness and training
  • Business continuity and disaster recovery planning

Third-Party Dependencies

DTIs must engage in robust planning and due diligence to identify risks related to third-party service providers and establish processes to measure, monitor, and control the risks associated with them. This includes:

  • Conducting cyber risk assessments and due diligence before entering new third-party relationships
  • Verifying that resilient operational processes are in place

Risk Identification and Assessment

Risk identification entails determining the threats to, and vulnerabilities in, a DTI’s IT infrastructure. DTIs should be vigilant in identifying and analyzing cyber risks, which is a crucial step in the risk containment exercise. Regular penetration tests and scenario-based cyber exercises can help evaluate the cybersecurity posture of systems and identify potential weaknesses.

Conclusion

The Cyber Incident Response & Recovery Function is a critical component in managing cyber risks. By establishing an incident coordinator, promoting executive sponsorship, providing centralized management, addressing focus areas, managing the risks of third-party dependencies, and identifying and assessing risks, organizations can ensure effective response and recovery from cyber incidents. It is essential for DTIs to adopt a proactive approach to cybersecurity to minimize the impact of cyber attacks and ensure business continuity.