Organizations usually invest substantially to manage and mitigate cyber attack with the detection technologies like log correlation and SOC (Security Operation Center) establishment plus comprehensive process of detailed respond to cyber threat scenarios with surprised drills etc.

Not doubt, this will uplift the organization capacity and demonstrate due diligence has been exercised to deal with cyber attacks to stakeholders.

On the other hand, cyber is just one of the failure or attack scenarios.  Like fire incident, it might be due to human negligence (left burning cigarette unattended), natural disaster (strike by lightning) or cyber attack (S01E04 Fire Code – vulnerable printer firmware).  No matter how, isolation to contain threat and promptly recovery to resume are required whether cyber or not.

Resource (both skill set and manpower) in real life is always limited and should be put on recovery then drive from this end what is required for service resumption meeting recovery time objective.  And don’t forget the TCO (Total Cost Ownership) involved to sustain the up-to-date information.

Organization also need to decide where is priority for recovery or evidence preservation.

Leave a Reply