Taking care of business: The CISO’s role in a cyber crisis

<p>The role of the chief information security officer is pivotal — and constantly evolving. Today’s CISOs are responsible for all aspects of cybersecurity planning, prevention and management, and must also be attuned to the needs of the business.</p>
<p>Increasingly, the job includes being a leader who helps their organization through a cyber crisis.</p>
<section class="section main-article-chapter" data-menu-title="Cyber incident vs. cyber crisis">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Cyber incident vs. cyber crisis</h2>
<p>Enterprise cybersecurity teams might investigate hundreds or thousands of events in a typical day. Many events are harmless and don’t require human intervention. Sometimes, however, an event becomes an incident. An <a href="https://www.techtarget.com/searchsecurity/feature/10-types-of-security-incidents-and-how-to-handle-them">incident is any event</a> that compromises systems or data, violates policies or otherwise poses risks to the organization.</p>
<p>Many incidents are addressed by security teams or systems with minimal disruption or damage to the business. For example, if an employee clicks a phishing link that installs malware and the organization’s antimalware detects and quarantines that malware, this is a security incident that doesn’t further threaten the business.</p>
<p>If an incident cannot be quickly mitigated or neutralized and begins to affect production systems, data, business performance or reputation, it escalates into a cyber crisis.</p>
<p>Common cyber crises involve data breaches, cloud outages, nation-state attacks, systems outages, infrastructure failures and natural disasters.</p>
</section>
<section class="section main-article-chapter" data-menu-title="Cyber crisis management vs. incident response">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Cyber crisis management vs. incident response</h2>
<p>Cyber crisis management is an organization’s ability to effectively prepare for, respond to and recover from cyber incidents that affect operations, reputation, finances, personnel or security. It is a critical component of an organization’s <a href="https://www.techtarget.com/searchsecurity/definition/What-is-risk-management-and-why-is-it-important">risk management strategy</a>.</p>
<p><a href="https://www.techtarget.com/searchsecurity/definition/incident-response-team">Incident response</a> is also part of risk management, but it deals specifically with identifying, containing, eradicating and recovering from the incident.</p>
<p>In other words, incident response involves handling the incident itself, while crisis management involves handling the business consequences of the incident. Incident response is more technical and operational, whereas crisis management is more strategic and organizational.</p>
<p>The two are not mutually exclusive. Crisis management almost always includes incident response, but not every event handled by incident response is necessarily a cyber crisis.</p>
</section>
<section class="section main-article-chapter" data-menu-title="The CISO’s responsibilities in crisis management">
<h2 class="section-title"><i class="icon" data-icon="1"></i>The CISO’s responsibilities in crisis management</h2>
<p>In incident response, the CISO is in charge. In crisis management, the CISO is part of an executive leadership team handling the crisis.</p>
<p>In their everyday job, the CISO oversees a team of professionals managing day-to-day cybersecurity activities, including prevention, detection, response, mitigation and recovery. The CISO provides broad leadership to the team, ensuring resource availability and communicating the state of cybersecurity readiness to senior leadership. The CISO also ensures compliance with legal and regulatory requirements; collaborates with other business leaders to protect systems, data and services; and facilitates <a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-employee-training-How-to-build-a-solid-plan">security awareness training for employees</a>.</p>
<p>During a cyber crisis, the CISO transitions from an operational security leader to an enterprise risk executive. They must balance their technical capabilities with business needs and serve as a bridge between incident response teams, crisis management teams and executive leadership.</p>
<h3>The CISO’s role before a cyber crisis</h3>
<p>CISOs are instrumental in identifying risks, threats and vulnerabilities that could escalate into cyber crises. As such, the CISO is a key member of the crisis management team, which also includes executive leaders and representatives from bu

[…]

This article has been indexed from Search Security Resources and Information from TechTarget