Kiberuzbrukumu attiecināšana

The organization should have a clear process for enriching incident information to ensure an effective response. This process should include continuously updating event data, monitoring situational awareness, and collecting information from multiple sources. Enriching incident information should help the organization manage incidents more effectively.

Organizations should conduct incident classification and impact assesment based on the following criteria:

• Number of affected parties (clients, other organizations) and if possible the number of transactions that were affected.
• Reputational impact
• Duration and downtime caused by the incident
• Geopgraphical spread of the affects
• Possible data losses in relation to CIA values
• Criticality of the services affected
• Economic impact

Organization carries out threat intelligence by analyzing and utilizing collected information about relevant cyber security threats related and corresponding protections.

When analyzing and utilizing the collected threat intelligence information, the following points must be taken into account:

• analyzing how the threat intelligence information relates to to our own operations
• analyzing how relevant threat intelligence information is to our operations
• communicating and sharing information in an understandable form to relevant persons
• utilizing the findings of threat intelligence to determine the adequacy of technical protections, technologies used and information security testing methods for analysis

After a disturbance, a forensic examination must be carried out on the malicious code or other remnants of the disturbance. A safe investigation in a closed environment can open up the causes, goals, and motives of the incident. This helps the organization fix potential security vulnerabilities, prepare for similar incidents, and identify or profile a potential attacker.