The increasing focus on regulatory compliance and on maintaining global industry operational standards is driving organizations to conduct periodic security testing. These tests are conducted to validate the processes and procedures for responding to an incident. In practice, however, they are carried out in silos by separate teams for monitoring, operations support and security emergency response, while IT support is called in only to resolve issues or respond to emergency situations. Efficient and effective response to security threats and incidents calls for consistent engagement of both the IT security and operations teams, and for synergistic management of change across the enterprise.
Challenges in Engaging IT Support
Technology support for business is increasingly being integrated and automated. Furthermore, the data and systems are being moved to cloud providers to achieve greater ROI and improved availability. This is pushing business and IT management functions to adopt innovative products, solutions and services that are pre-packaged and ready to deploy.
As security incidents attract high visibility, security teams are under tremendous pressure to respond quickly to change and to innovate by making effective and on-time updates to security management systems.
It is critical that IT organizations understand the requirements, priorities and challenges of security governance, and build an appropriate engagement model.
Creating Collaborative and Responsive Teams
Organizations require structured IT governance that adheres to corporate policy and consistently evolves with changing goals and business challenges. A good starting point is to build a robust roadmap towards shared responsibility for operations support and security incident response. This can be facilitated by designing an operations responsibility map (ORM), which defines the sharing of responsibilities between teams involved in security incidents, and keeps them well prepared to initiate a quick, collective and effective response to incidents.
Developing an Operations Responsibility Map
The key steps involved in preparing a smart operations responsibility map that can drive effective security incident response include:
Listing all critical and possible activities in the event of an incident
Identifying the products and technology enablers to automate, correlate and respond to security events
Defining the coverage of security operations and identifying the key stakeholders to maintain the security posture
Outlining the security incident management process
Identifying the players in the IT organization
Understanding the current IT organization is key to improving the participation of IT operations in meeting security needs. Security and risk professionals must also develop strategies and collaborative teams to deal responsively with the security challenges associated with the swift adoption of emerging technologies.
Read this white paper for more on a collaborative approach among various functions within the organization when responding to IT security incidents.