Business Continuity Planning for Your Security Operations
Development and maintenance of a business continuity (BC) plan is required for regulatory compliance for most organizations. However, maintenance often falls by the wayside until those plans are truly needed, in times of crisis like the current COVID-19 pandemic. That is when the real value of a well-conceived plan shows, and some organizations with significant foresight will come out stronger for it.
Respond Software prepared a business continuity plan as part of our SOC Type 2 Audit. The BC plan is intended to guide the company during crisis events, whether naturally occurring or man-made, that impact our ability to conduct normal operations. Most BC plans, including ours, have sections focused on the following areas of concern:
- Risk Assessment – ratings are assigned to the likelihood and impact of various incidents.
- Business Impact Analysis – the key business functions are identified, along with the acceptable downtime for each and the impact to the business if it is lost.
- Roles and Responsibilities – who is responsible for key tasks to ensure business continuity.
- Contact Information – work and personal contact information for key company leaders to ensure communication is maintained during the crisis.
Perhaps the most crucial aspect of most plans is the description of key business processes, systems and vendors, and the steps to pursue if those elements are threatened or taken down. One critical element of our 55-page document is our cybersecurity program. We take our mission to secure our organization, employees, partners and customers very seriously.
The area that most companies struggle with in BC plans is what to do when key personnel aren’t available. I have been a part of a tabletop disaster recovery walkthrough and have personally seen the chaos that can ensue when a key team member is pulled from the exercise.
Cybersecurity programs rely on three key pillars: people, processes and technology. Events like the one we are going through now call one of those key pillars into question. People are the core of security operations. Personnel costs account for an average of 50% of a SOC’s budget, according to a recent Ponemon Institute survey. Teams typically respond to security incidents and coordinate across various other groups to mitigate the attack. With the talent shortage in the industry, most organizations already have a difficult time filling roles as it is. As a result, many are looking at automation to handle transactional security – the mundane, day-to-day tasks. One of these areas is security alert monitoring.
Security operations teams are flooded with security alerts. That makes it nearly impossible to find the actionable security incidents within a sea of false positives. To grapple with this, most large organizations throw teams of Tier 1 analysts at the problem. But this is where automation shines, and it is part of the value of the Respond Analyst. The Respond Analyst automates the analysis and triage of security data, at machine speed, with a level of depth and consistency unmatched by human analysis. Its proprietary intelligent decision engine provides built-in reasoning and judgment to make better decisions, faster. Fewer false positives means SecOps teams spend their time on real incidents, resulting in a faster time to recovery and potentially lower costs.
Automation of security monitoring can be used to free up human resources and budget for other security projects, especially in a crisis. It can also be a fallback plan for business continuity programs, as it will continue to operate 24x7 without breaks, filling in for personnel who are unavailable, while triaging the most crucial incidents for the team members handling incident response.
As we get through this crisis, it gives us some perspective on which investments will help us operate effectively under normal conditions and keep businesses running during life-changing events. For many organizations, Respond Software can get up and running in short order and can provide 24x7 coverage for the initial cybersecurity monitoring, scoping and triage. If you’d like to learn more, drop us a line.