Cyber Security Exercises Provide Preparedness in Addressing Information
Security Threats


WAYNE, Pa., Sept. 8 /PRNewswire/ -- Cyber security attacks against public and
private information technology and networks are escalating in occurrence and
complexity. Nameless, faceless cyber terrorists can strike from anywhere in
the world without warning. Those intent on causing harm never cease in
developing new ways to attack information systems, driving a constant need to
improve skills, policies and tools dedicated to cyber security.

A cyber security exercise is a hands-on training event to test how an
organization detects and responds to information security threats in real
time. These threats include unauthorized disclosure, transfer and accidental
or intentional modification or destruction of information, including security
breaches, stolen information and inability to provide Internet services during
an extended systems outage.

"Organizations need to continually prepare for the worst, and to do that they
should test the validity of their plan," said Jim Grogan, vice president,
consulting product marketing at SunGard Availability Services. "Cyber
security incident management exercises are validation initiatives to determine
cyber attack training effectiveness and identify any gaps in your cyber
security program."

In conducting cyber security exercises, organizations should focus on
achieving five important objectives:

1. Test Cyber Security Policy Adherence. Thorough and regular testing of cyber
security plans is essential to verify your plan's clarity, practicality and
ability to achieve desired results. While organizations need firewalls,
anti-virus software and other technical tools, having security policies that
monitor and report on intrusions and other suspicious activities is equally
important. And it is critical to develop and maintain a well-trained response
team that can use the tools, and help ensure full employee training and
understanding of the policies.

2. Establish Working Relationships. A crisis should not be the first time that
the people involved in incident response work together. Cyber security
exercises need to bring together people from business and IT operations to
generate an understanding of roles and responsibilities - covering each
individual's role and also building knowledge of co-workers' roles so everyone
can function as a team.

3. Elevate Awareness of Forensics. A typical user response to a problem at a
desktop computer is to "reboot" the computer. During a cyber attack, this
seemingly harmless action may overwrite valuable forensic evidence that is
crucial to identify and prosecute the source of the attack. Exercises should
include education sessions on how law enforcement organizations and other
forensic investigation firms conduct computer forensic investigations and a
walk-through on steps all participants should take to minimize incidents of
data loss.

4. Improve Senior Executive Understanding of Complexities of Cyber Security
Threats. A cyber security attack can be a brand risk - and that demands the
attention of senior management. Communication is one of the most common
reasons organizations fail to respond effectively to an incident. The
exercise should test the chain of communications for how internal and external
crisis communications messages are developed and articulated. It also
provides the opportunity to validate and adjust information security programs
that are part of corporate and government regulatory compliance initiatives.

5. Gain Greater Organizational Credibility. Cyber attacks have the potential
to be disruptive beyond internal operations. Organizations regularly
conducting cyber security exercises increase their standing with other
companies and customers by demonstrating a commitment to being a reliable
business partner and vendor. External parties should be included in the
exercise as appropriate.

"A cyber security simulation is the closest thing to an actual incident - from
the unexpected twists and turns in the event to the unanticipated action of a
colleague. It is a great way to determine how prepared or unprepared your
organization is to respond to a cyber threat," said Chris Burgher, associate
principal, information security practice at SunGard Availability Services.

The SunGard Incident Management Exercise service helps organizations test
whether management and other personnel are aware, ready and equipped to
perform the actions necessary to prevent or respond to a disruption to normal
business operations. This service helps organizations validate readiness to
manage incident response using existing plans and provides customers with
insights after the exercise on how to improve preparedness.

About SunGard Availability Services
SunGard Availability Services provides disaster recovery services, managed IT
services, information availability consulting services and business continuity
management software to more than 10,000 customers in North America and Europe.
With five million square feet of datacenter and operations space, SunGard
assists IT organizations across virtually all industry and government sectors
to prepare for and recover from emergencies by helping them minimize their
computer downtime and optimize their uptime. Through direct sales and channel
partners, we help organizations ensure their people and customers have
uninterrupted access to the information systems they need in order to do
business. To learn more, visit www.availability.sungard.com or call
1-800-468-7483.

About SunGard
SunGard is one of the world's leading software and IT services companies.
SunGard serves more than 25,000 customers in more than 70 countries.

SunGard provides software and processing solutions for financial services,
higher education and the public sector. SunGard also provides disaster
recovery services, managed IT services, information availability consulting
services and business continuity management software.

With annual revenue exceeding $5 billion, SunGard is ranked 472 on the Fortune
500 and is the largest privately held business software and services company
on the Forbes list of private businesses. Based on information compiled by
Datamonitor*, SunGard is the third largest provider of business applications
software after Oracle and SAP. Continuity, Insurance & Risk has recognized
SunGard as service provider of the year an unprecedented five times. For more
information, please visit SunGard at www.sungard.com.

*January 2009 Technology Vendors Financial Database Tracker
http://www.datamonitor.com

Trademark Information: SunGard and SunGard logo are trademarks or registered
trademarks of SunGard Data Systems Inc. or its subsidiaries in the U.S. and
other countries. All other trade names are trademarks or registered trademarks
of their respective holders.

0 comments:

Post a Comment