Question


DumDum Pty Ltd is a successful IT company. You are the IT Manager of DumDum Pty Ltd.

How is your company addressing cybersecurity policies and procedures in such a scenario?

Will you make it a part of your Integrated Safety Management (ISM) and Quality Assurance (QA) System?

Describe what your cybersecurity response plan includes e.g. Initial action, Response, Media crisis, support vendors in such a case scenario. Cite your sources.

Solutions

Expert Solution

1. Cybersecurity policies and procedures of the company:

Due to the rapid proliferation of information technology (IT) and its direct impact on the functioning of an organization, IT and its functional ecosystems can no longer be viewed in isolation. The proliferation of IT has its flipside too: induced vulnerability to the threat of cybercrime. Hence it has become organizationally imperative to safeguard the official cyberspace from nefarious cybercrimes. Keeping the overall threat in perspective, Dum Dum Pvt Limited has released the Cyber Security rules. The Cyber Security Policy aims to protect information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and respond to cyber threats, and minimize damage from cyber incidents through a combination of institutional structures, people, process, technology and cooperation. The objective of this policy in broad terms is to create a secure cyberspace ecosystem and strengthen the regulatory framework at the National level in general and at the Department of Defence Production in particular.

The development of the policy was prompted by a variety of factors, including the growth of India’s information technology industry, an increasing number of cyber-attacks and the country’s “ambitious plans for rapid social transformation.” The National policy sets forth 14 diverse objectives that range from enhancing the protection of India’s critical infrastructure to assisting the investigation and prosecution of cybercrime, to developing 500,000 skilled cyber security professionals over the next five years. To accomplish these objectives, the ibid policy details numerous action items for the Indian government, including:

  • Designating a national agency to coordinate all cyber security matters.
  • Encouraging all private and public organizations to designate a Chief Information Security Officer responsible for cybersecurity.
  • Developing a dynamic legal framework to address cyber security challenges in the areas of cloud computing, mobile computing and social media.
  • Operating a National Critical Information Infrastructure Protection Center.
  • Promoting research and development in cyber security.
  • Enhancing global cooperation in combating cyber security threats.
  • Fostering education and training programs in cyber security.
  • Establishing public and private partnerships to determine best practices in cybersecurity.

2. Integrated Safety Management (ISM) and Quality Assurance (QA) System:

  • Yes, the Integrated Safety Management (ISM) and Quality Assurance (QA) System will be part of our company system.

This is because the Integrated Safety Management (ISM) and Quality Assurance (QA) system provides a structure so that AD personnel can perform completed staff work to fulfill their obligations to ensure the AD mission is successful. It is also designed to incorporate the essential elements and requirements of Quality and Integrated Safety Management to provide the structure to ensure that our product requirements are met in all of these areas, and ensure the health and safety of on-site personnel.

Initial action:

  • Assess the current state of the security environment.
  • Monitor networks.
  • Collaborate with colleagues and stakeholders.
  • Set security measures and controls.
  • Create a dynamic security culture.
  • Consider DevSecOps.
  • Review your budget.
  • Be transparent.

Immediate Response:

1. Preparation

This phase will be the workhorse of your incident response planning, and in the end, the most crucial phase to protect your business. Part of this phase includes:

  • Ensure your employees are properly trained regarding their incident response roles and responsibilities in the event of a data breach.
  • Develop incident response drill scenarios and regularly conduct mock data breaches to evaluate your incident response plan.
  • Ensure that all aspects of your incident response plan (training, execution, hardware and software resources, etc.) are approved and funded in advance.

Your response plan should be well documented, thoroughly explaining everyone’s roles and responsibilities. Then the plan must be tested in order to assure that your employees will perform as they were trained. The more prepared your employees are, the less likely they’ll make critical mistakes.

2. Identification

This is the process where you determine whether you’ve been breached. A breach, or incident, could originate from many different areas.

3. Containment

When a breach is first discovered, your initial instinct may be to securely delete everything so you can just get rid of it. However, that will likely hurt you in the long run since you’ll be destroying valuable evidence that you need to determine where the breach started and devise a plan to prevent it from happening again.

Instead, contain the breach so it doesn’t spread and cause further damage to your business. If you can, disconnect affected devices from the Internet. Have short-term and long-term containment strategies ready. It’s also good to have a redundant system back-up to help restore business operations. That way, any compromised data isn’t lost forever.

4. Eradication

Once you’ve contained the issue, you need to find and eliminate the root cause of the breach. This means all malware should be securely removed, systems should again be hardened and patched, and updates should be applied.

Whether you do this yourself, or hire a third party to do it, you need to be thorough. If any trace of malware or security issues remain in your systems, you may still be losing valuable data, and your liability could increase.

5. Recovery

This is the process of restoring and returning affected systems and devices back into your business environment. During this time, it’s important to get your systems and business operations up and running again without the fear of another breach.

6. Lessons Learned

Once the investigation is complete, hold an after-action meeting with all Incident Response Team members and discuss what you’ve learned from the data breach. This is where you will analyze and document everything about the breach. Determine what worked well in your response plan, and where there were some holes. Lessons learned from both mock and real events will help strengthen your systems against future attacks.

Media Crisis:

explaining the problem by considering SHE in terms

“The crisis communications plan should include a detailed incident response plan, which addresses each type of data breach the business might face, setting out everything you’ll do at each phase, i.e., pre-crisis, during and post-crisis. It also needs to include the details of the committee, responsibilities for each member and their contact details,” she notes.

The to-do list also includes:

  • Appointing expert spokespeople in every region the business operates in (to avoid issues with timezones) and setting up media training so they’re ready to be interviewed.
  • Identifying the audiences you need to communicate with – including employees, shareholders, stakeholders, the public, partners and the media – and determining what the needs of each will be in the event of a crisis.

Your first priority should be those directly affected, but during the crisis you’ll need to communicate with all of your audiences, from when the crisis starts to when it ends, she notes.

“Be factual, be truthful, communicate clearly and empathetically with the people affected. Be open and transparent. If you’re still working out what’s happened and you’re not quite ready to give a detailed response, say so. Prepare a holding statement for each audience and keep updating them as you learn more details.”

Finally, she recommends roleplaying what would happen if a breach occurred, in order to test and rehearse your plans.

“Don’t assume you’re sufficiently prepared to handle a crisis. It often demands more groundwork than you realise, and an elementary crisis plan and generic messaging will not be enough,” she adds.

“Don’t forget internal communication. Employees across the organization will be instrumental in managing and communicating about the crisis, so build them into your plan. Your approach might include in-person meetings, the intranet and emails.”

When dealing with media enquiries:

  • Brief your expert spokespeople fully and provide them with as much information as possible, not only about the crisis, but about the media that are interested in speaking to them and the kinds of questions they are likely to ask.
  • Don’t be tempted to answer questions or agree to an interview before you know the facts.
  • Don’t say ‘no comment’ or try to hide away. That will only send the wrong message.

Finally, our sources to come out of the attacks:

  • Train employees in cyber security principles.
  • Install, use and regularly update antivirus and antispyware software on every computer used in your business.
  • Use a firewall for your Internet connection.
  • Download and install software updates for your operating systems and applications as they become available.
  • Make backup copies of important business data and information.
  • Control physical access to your computers and network components.
  • Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it is secure and hidden.
  • Require individual user accounts for each employee.
  • Limit employee access to data and information and limit authority to install software.
  • Regularly change passwords.
