industrial, technological and communications systems got computerized. CI, as a vital part of the
nation’s infrastructure, got computerized as well. In other words, all of these, from a
simple PC at home, through the mobile network in our neighbourhood, to the entire CI of our
country, have become highly sensitive and vulnerable to different types of cyber threats.

What does this mean? If we are constantly and greatly exposed to threats, and if the operation of
the entire country through its CI depends on computers, the internet and mobile technologies, then
we need protection mechanisms in terms of people, processes and technology in order
to monitor, prevent and respond to incidents within our critical systems.

The best way of protection in a modern cyber environment is through security operations
centres (SOCs). SOCs represent the safety and security part of every CI complex, and their level of
functioning can be low, medium or high.

It is estimated that approximately 65% of SOCs in the US are at a low level of maturity, while only
5% of them can be seen as a key force in terms of their cyber security capabilities.

It seems that we still need to work very hard in order to bring our security capacities to the top level of
maturity. But is that really the case? In other words, maybe in some situations and scenarios
there is no need to have a high-tech SOC, because a basic one can do a great job as well.

What we suggest here is that we are still secure with our current solutions, which
undoubtedly follow the best industrial practice and get updated when necessary.


The Importance of the Incident Response

The most serious thing that can happen in a cyber environment is the occurrence of an
incident. An incident can include a simple computer breach, the detection of an intruder or the insertion of
a malicious piece of software into a system.

Whatever happens, certain steps and procedures must be taken to resolve the
issue. These steps and procedures are a standard part of incident response,
and the people who apply them are called incident responders.

Sometimes incident response can be regarded as a key factor in cyber defense. As is
known, cyber security means a balance between prevention, monitoring and incident
response.

Prevention and monitoring can be seen as passive forces in security practice, while incident
response is an active principle in defense.

Although security is a balance between the passive and active actors of defense, it is intuitively
clear why incident response has a crucial role in issue management. In fact, top security
systems are the ones with very well-developed incident response procedures.






11 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
