Many industries depend on technology for managing critical information and operations and providing better user service and experience. As a result, companies who embrace technology have increasingly become the target for various hackers and organized crime groups. Information security incidents are increasing, especially those that involve data leakage or the compromise of sensitive business or customer information. Reputation damage, legal actions, and fines or compensation payouts are among the consequences victimized companies face. What’s more, hacker groups are now more organized and use sophisticated tools and strategies to subvert information security controls for their targeted and persistent attacks. Building information security incident management and response capabilities have become priorities for many companies operating in critical sectors or in politically charged regions prone to cyber attacks.
A large oil and gas provider retained Aujas to develop a comprehensive information security incident management framework that would enable establishment of an cross-functional information security incident response team; facilitate consistent incident handling via a repeatable process and well defined rating criteria; provide guidance and operational templates; and enhance existing technology capabilities to improve incident detection and response.