Advertisement

Managing a Cybersecurity Crisis

  • Scott E. Donaldson
  • Stanley G. Siegel
  • Chris K. Williams
  • Abdul Aslam

Abstract

When does a cybersecurity incident become a crisis? Generally, when it has enterprisewide impact or when it requires activation of disaster recovery plans, it's a crisis. It's when a single compromised server becomes ten compromised servers, then a hundred, and pretty soon the entire data center is infected, damaged, or worse. Over the past several years, there have been several public instances of massive IT crises including Saudi Aramco in 2012 and Sony Pictures Entertainment in 2014. Smaller incidences occur every day, outside of the public eye. This chapter describes how things change when a crisis occurs and how enterprises behave under the duress of a crisis situation. The chapter also describes techniques for restoring IT during a crisis while simultaneously strengthening cybersecurity to protect against an active attacker who may hit your enterprise again at any moment.

Keywords

Recovery Process Critical Path Crisis Situation Recovery Effort Incident Response 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam 2015

Authors and Affiliations

  • Scott E. Donaldson
    • 1
  • Stanley G. Siegel
    • 1
  • Chris K. Williams
    • 1
  • Abdul Aslam
    • 1
  1. 1.VAUnited States

Personalised recommendations