Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Building a strong incident response and management plan

1 April 2016 Conferences & Events, News & Events

By Kirsten Doyle

Security incidents are commonplace in businesses of all types and sizes. Whether through sophisticated malware, violation of security policies or employee carelessness, these threats can be catastrophic to the business.

"Given the digital landscape upon which most organisations are either currently operating on or considering as part of their future strategic imperatives, it is very important to consider incident response and management," says Ritasha Jethva, head of Information Privacy / PAIA officer at the Nedbank Group, who will be presenting on the importance of incident response capabilities in today's digital environment, at the ITWeb Security Summit 2016, to be held at Vodacom World from 16 to 20 May.

She says in the age of consumerism, consumers and employees have access to all sorts of social networking platforms which they can use to complain about companies they are dissatisfied with. "The supporter base grows at exponential speeds through these platforms and as companies, we need to understand how, when and what to do under these circumstances."

While consumers use the technology platforms for their own purposes, explains Jethva, cyber criminals utilise the platforms to expose confidential information in an unauthorised manner, either for financial gain or in order to demonstrate a point to the company they aggrieved about. "Unfortunately, this comes at the cost of both the company concerned as well as the individuals impacted and it is important that we think about different tactics when addressing incidents in a landscape where issues become viral in a matter of seconds."

Drawn out processes

Speaking about what businesses in SA are doing wrong when it comes to incident response and management, she says in her experience, companies are relying too much on long drawn-out incident response and management processes. "It's almost as if they spend too much time on the internal management of the incident and not enough time on responding to it.

"Sometimes, processes are not only lengthy and complicated, but hardly anyone understands how they work. Sometimes processes are not very collaborative across the organisation, and teams still operate in their silos, with pockets and escalations taking far too long, and sometimes the right audience is not involved at the right time."

Concurrently, she says some companies fail to recognise that incidents on digital platforms and landscapes gather media attention far faster than the move from step one to step two on their incident management process. "As a result, companies take too long to respond to the media, which results in further speculation, and at the same time, they take longer responding to queries around the incident from their consumers, partners and employees once it becomes public knowledge.

This degrades the levels of trust people have in the company and can affect the reputation of the organisation concerned. Traditional incident response and management processes were never built for today's types of incidents and hence they fail when the time comes to utilise it."

A different engagement model

In terms of what businesses could be doing better, Jethva says they need to be spending more time understanding who will respond to the incident at hand, and how they will do it. "The management processes need to give priority to both the management aspects and the response aspects. Roping in the public affairs representatives, senior officials of the company concerned, and the key specialist areas, such as IT, privacy, security, legal, risk and compliance, introduces a completely different dynamic within incident management."

She says it suggests a different engagement model, a different way of responding, opens up myriad varying communication channels to utilise, and suggests that all parties are required to be in sync at all times. "Preparing the various stakeholders through simulations and helping everyone understand their role in the process is critical and this is where I believe the emphasis should be placed going forward."

Delegates who attend Jethva's talk can expect some interesting perspectives on incident response and management. They will be left with pointers on what to consider when dealing with incidents in the digital landscape and what to watch out for. "It's a talk that is expected to broaden our horizons and thinking on this topic."

ITWeb Security Summit 2016

Hear opinion from Ritasha Jethva, Nedbank, on incident response and management at the ITWeb Security Summit 2016, 17 and 18 May. To view the full agenda, click here. To register, click here





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Amendments to the Private Security Industry Regulations
Technews Publishing Agriculture (Industry) News & Events Associations
SANSEA, SASA, National Security Forum, CEO, TAPSOSA, and LASA oppose recently published Amendments to the Private Security Industry Regulations regarding firearms.

Read more...
Historic Collaboration cuts ATM Bombings by 30%
Online Intelligence Editor's Choice News & Events Security Services & Risk Management
Project Big-Bang, a collaborative industry-wide task team, has successfully reduced ATM bombings in South Africa by 30,7% during the predetermined measurement period of November, December and January 2024/5.

Read more...
World-first safe K9 training for drug detection
Technews Publishing SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
The IoT trends shaping a smarter, more connected future
IoT & Automation News & Events
The Internet of Things (IoT) is revolutionising sectors across Africa. In 2025, IoT is expected to continue driving digital innovation, enhancing operational efficiencies, and enabling the creation of smarter, more sustainable ecosystems.

Read more...
Stay safe while using AI assistants
Kaspersky Information Security News & Events AI & Data Analytics
The new DeepSeek AI assistant has attracted a lot of attention, including the interest of cybercriminals. Kaspersky experts have detected scam activity related to it.

Read more...
Q-Vision Pro Wins Best of Innovation Award
Suprema Access Control & Identity Management News & Events
Suprema AI, a specialised provider of on-device AI solutions based on video analysis, announced that it has won the Best of Innovation Award in the Embedded Technology category at CES 2025.

Read more...
Scammers take advantage of desperate need for cash
Editor's Choice News & Events Security Services & Risk Management
Revitalised from their end-of-year holiday, South Africans typically tackle the new year with gusto and renewed vigour, but so do the criminals as they prepare for the rush back to school or university

Read more...
Saving lives with fire safety technology
Fire & Safety News & Events
The fire protection landscape is evolving swiftly, fuelled by technological advancements designed to improve safety and efficiency in fire detection, control, and suppression. These innovations transform traditional methods and establish new safety standards in residential and commercial spaces.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.