BorderHawk’s Business Cyber Disruption Planning Workbook
This planning workbook is offered as a simple facilitation framework for your company to begin exploring and preparing for response and recovery from a Cyber Disruption.
The document is provided as an “open source” that can be morphed to fit any variety of organizations. Please feel free to download, adjust and use as you consider appropriate!
To request a Microsoft Word version of this document please click here – email@example.com
BorderHawk’s Cyber Incident Management Self-Audit
The object of this Cyber Incident Management Self-Audit is to help guide an organization with identifying risk around current processes and procedures for handling cyber incidents.
The document is provided as an “open source” fill-in-the-blank .pdf document designed to fit a variety of organizations. Please feel free to download, complete and use as you consider appropriate!
Cyber Disruption Events: Online Attacks
Over the last several years cyber criminals have unrelentingly attempted to gain access to certain email or system accounts. Quite often these accounts are specifically targeted as belonging to the organization’s senior leadership, select administrative support, or select IT staff. The objective for gaining such access is toward the ability to impersonate a legitimate account owner or assume key system rights. The motive in gaining such access ranges from business financial theft/fraud to creating mayhem for government organizations to simply stealing information for profit or in anticipation of committing future crimes.
Cyber Disruption Events: Ransomware
Ransomware is a cyberattack designed to deny the victim organization access to critical data. It is most frequently delivered via e-mail to end users within the victim organization. Upon successful delivery, the attacker demands a ransom payment (most often in Bitcoin) and alleges that upon payment the code necessary to unlock the victim’s data and systems will be provided.
A preventative strategy is your best bet in avoiding a Ransomware Attack. As a part of that strategy you’ll likely increase your malware scanning and consequently catch the attack before full execution. But, if you’ve not been able to pursue a meaningful anti-malware effort, your first detection of the attack will likely be a splash screen at startup. The message will be obvious, you’re now a victim ⎯ pay up or lose your data.
Ignore Key Cyber Risk Components at Your Peril
For a long while knowledgeable information security professionals have advised that three areas of information management must be recognized as essential components of a viable information security strategy ⎯ People, Process, and Technology.
Yet, there seems to have always been a constant deluge by the media, academia, and the IT industry advocating that Technology is hands down the most critical facet in protecting information. But, if the three-pronged strategy is understood, Technology is only one-third of that strategy. What about Process? What about People?