Page 30 - SDR_V15_No1 2022_V5
P. 30

Cyber Security




                 What is a Cyber Security Playbook, and How
                 Can it Benefit your Security Strategy?



































               You probably don’t need anyone to tell you that, to-  the playbook means understanding the various types
               day, information security and cyber security are chal-  of circumstances one might find themselves in and
               lenging and fast-paced endeavours. In the last five   recognising them on the field to execute the correct
               years alone, we’ve seen a myriad of industry-altering   play at the right time.
               developments – from an ever-expanding universe of
               privacy compliance legislation and the permanent en-  The analogy of football here is apt because security is
               trenchment of hybrid and remote work to growth in   ultimately a team sport, with everyone on the defen-
               the size and scope of data breaches – the world of   sive team (your team) needing to know their roles to
               security has proven ever-complex and ever-shifting.  ensure plays are well executed to mitigate the dam-
               In a sea of constant change, security practitioners re-  age actors can do to your organisation. Business-
               quire some form of shelter. While security frameworks   es use playbooks too, and it often makes sense for
               and policies can serve this role during normal oper-  specific business functions within an organisation to
               ation, practitioners are best served by having docu-  develop their own playbooks to ensure that they have
               mentation and processes that help them respond to   strategies they can rely on to standardise processes
               security incidents. This has become increasingly im-  and adequately respond to incidents and disruptions.
               portant as the world of remote work has changed the
               types of risks organisations face, requiring evaluation   Why do you need a security playbook?
               processes and perhaps an entire encyclopaedia’s   In defining a playbook, we’ve already highlighted why
               worth of edits to existing documentation. If you hav-  a security playbook is an essential document for or-
               en’t already established (or revisited) crucial aspects   ganisations to have, especially given the rapid chang-
               of your security program in light of these changes,   es in the world of information security we mentioned
               now is likely the time to begin putting your cyber se-  above. For IT, infosec, and cyber security teams, a
               curity playbook into place.                     security playbook allows for coordination before,
                                                               during, and after security incidents and business
               What is a security playbook?                    disruptions. Although the creation of this playbook
               The idea of a playbook, which comes from the world   is spearheaded by security and technology teams,
               of sports, like football, refers to a list of strategies or   it contains organisation-wide ramifications, as it has
               “plays” that are executed by a team in response to   roles to play for everyone. From interns to the CEO,
               conditions in the game. For a football player, studying   security requires that everyone has their head in the




               30                                                    SERVICE DELIVERY REVIEW | Volume 15 • No. 1 of 2022
   25   26   27   28   29   30   31   32   33   34