
The evolving role of security and IT in DR and incident response

CIOs have a long history of managing incidents and disasters through established IT practices, guided by frameworks such as ITIL for incident management and disaster recovery. However, as ecommerce has proliferated, security threats have increased, elevating cybersecurity to a board-level concern. Early cybersecurity threats were limited in their scope and damage, but current threats can ruin a business. Threats have evolved from the malware and denial-of-service attacks mounted by bad actors in the early days of ecommerce to ransomware attacks that threaten the ability of a business to operate. According to an IDC survey, “Ransomware attackers are getting more effective at finding valuable data; half of North American ransomware attacks where data was exfiltrated included the loss of valuable, sensitive, or security data (Future Enterprise Resiliency and Spending Survey, Wave 11, IDC 2023). Worldwide responses show that attackers are increasingly able to extract more sensitive data.” In another, “Over half of organizations report cybersecurity posture to the board of directors at least quarterly” (IDC Worldwide CEO Survey, February 2024).

Given such a heightened threat, tools, technologies, and IT organizations have evolved accordingly. For critical infrastructure, regulatory requirements and standards have evolved as well. The result is some overlap between security standards and frameworks and IT, which, if not managed effectively, can ruin the company’s ability to respond.

The convergence of IT and IT security standards for responding to operational and security threats

The convergence of IT frameworks such as ITIL and evolving security standards requires a cohesive approach to managing IT services and cybersecurity threats. ITIL’s focus on structured IT service management — covering incident, problem, change, and service continuity management — naturally overlaps with security frameworks like NIST and ISO/IEC 27001, which emphasize identifying, protecting, detecting, responding to, and recovering from cybersecurity incidents.

Before the rise of the security operations center (SOC), the IT command center coordinated with operations teams to respond to all incidents, engaging the typically small security team within IT. Modern SOCs are equipped with advanced tools and technologies such as security information and event management (SIEM) systems, threat intelligence platforms, and automated response solutions. These enhancements enable the SOC to proactively monitor, detect, and respond to security incidents in real time. Despite these advancements, when an incident is reported, it is often unclear whether it is a security event or not. Further, the IT command center’s central data collection may produce different alerts. When an incident occurs, both the IT command center and the SOC are alerted. The cause may be configuration issues, a data exfiltration attempt, a ransomware attack, a false alert, or something else. Both the command center and SOC are ready to respond. This ambiguity demands a coordinated and efficient response to minimize potential damage.

Collaboration between IT and security operations

The chief information security officer (CISO) and the SOC are at the forefront of preventing and responding to security incidents. Quick and effective response is crucial, but equally important is the collaboration between IT operations and security operations. This partnership is essential to determine if an incident is security-related, restore services swiftly, and mitigate any security exposures.

Depending on the organization, the CISO may report to the CIO, the risk management organization, or in some cases to the CEO or CFO. Collaboration is simpler when the CISO and security organization report to the CIO, but this is no guarantee of strong collaboration. Regardless of the reporting structure, by combining IT service management with robust cybersecurity practices, organizations can ensure efficient, comprehensive incident management.

To ensure a quick diagnosis and response without the two teams getting in each other’s way, the CIO and CISO can implement the following strategies.

Define clear roles and responsibilities

Clearly defining roles and responsibilities for the SOC, IT operations, and DevOps teams ensures that each team knows its duties during an incident, reducing overlap and confusion. Developing and regularly updating incident response plans that outline the specific steps each team should take when an incident occurs, including escalation protocols and communication channels, helps streamline the response process. Ensure the SOC shares information freely with the command center.

Conduct regular incident response exercises

Regular incident response exercises, such as tabletop simulations and live drills, are essential to test and refine response procedures. After each exercise or real incident, a thorough post-mortem analysis should be conducted to evaluate the response and make necessary adjustments to processes and plans.

Implement integrated communication platforms

Implementing integrated communication platforms that allow seamless information sharing among the SOC, IT operations, and DevOps teams is crucial. Tools such as incident management software and collaborative platforms facilitate real-time communication and coordination. Ensure that all relevant information about the incident, including logs, alerts, and diagnostics, is shared promptly and transparently among teams, to quickly identify the nature of the incident and decide on the appropriate response.

Leverage automation

Leveraging automation to handle routine tasks and the initial triage of incidents can significantly enhance response efficiency. Automated tools can quickly analyze alerts, correlate events, and identify patterns, allowing human analysts to focus on more complex and critical tasks. Security orchestration tools can coordinate actions between teams and systems automatically.

Establish joint response teams

Fostering collaboration through joint response teams and regular meetings of the SOC, IT operations, and DevOps teams ensures a unified and coordinated approach to major incidents. Regular meetings to discuss potential threats, share insights, and review recent incidents build trust and improve the overall incident response capability.

Address tool overlap

In many organizations, there is often an overlap between the tools used by IT operations and security operations. For example, SIEM systems used by the SOC might collect similar data to what is monitored by IT operations tools. To address this overlap, it’s essential to establish clear protocols for tool usage and data sharing. By ensuring that there is a single source of truth, organizations can reduce redundancy, improve data accuracy, and enhance overall efficiency.
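The initial triage described under "Leverage automation" and the single source of truth described here can be sketched as one correlation step over both alert feeds. This is an added example, not from the original article; the feed names (`itops`, `siem`), the 10-minute window, the routing labels and the sample alerts are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window

@dataclass
class Alert:
    source: str      # "itops" (IT command center) or "siem" (SOC); assumed names
    host: str
    time: datetime
    signal: str

@dataclass
class Incident:
    host: str
    last: datetime
    alerts: list = field(default_factory=list)

    @property
    def route(self):
        """Who gets the incident: both feeds fired -> joint response team."""
        sources = {a.source for a in self.alerts}
        if sources == {"itops", "siem"}:
            return "joint"
        return "soc" if "siem" in sources else "itops"

def correlate(alerts, window=WINDOW):
    """Merge both feeds into one incident list (the single source of truth).
    An alert joins a host's open incident if it arrives within `window`
    of that incident's most recent alert; otherwise it opens a new one."""
    open_by_host, incidents = {}, []
    for a in sorted(alerts, key=lambda a: a.time):
        inc = open_by_host.get(a.host)
        if inc is None or a.time - inc.last > window:
            inc = Incident(a.host, a.time)
            open_by_host[a.host] = inc
            incidents.append(inc)
        inc.alerts.append(a)
        inc.last = a.time
    return incidents

def summarize(alerts):
    return [(i.host, i.route, len(i.alerts)) for i in correlate(alerts)]

# Constructed sample alerts, not real telemetry.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    Alert("itops", "db01", T0, "disk_io_spike"),
    Alert("siem", "db01", T0 + timedelta(minutes=3), "mass_file_rename"),
    Alert("itops", "web02", T0 + timedelta(minutes=4), "config_drift"),
    Alert("siem", "vpn01", T0 + timedelta(minutes=5), "failed_logins"),
    Alert("itops", "db01", T0 + timedelta(minutes=40), "backup_job_failed"),
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

The `db01` alerts from both feeds collapse into one incident routed to the joint team, while the later `db01` alert falls outside the window and opens a separate IT operations incident.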


Gerald Johnston, an adjunct research advisor with IDC’s IT Executive Programs (IEP), founded GJ Technology Consulting, LLC, where he assisted global financial institutions and helped launch a UK startup bank. Johnston is an experienced financial services and consulting executive who excels at collaborating across teams to deliver results. Prior to his current role, Johnston led technology delivery for Wells Fargo’s Information Cyber Security, Technology, and Corporate Properties groups, where he and his team modernized the company’s Cyber Threat Fusion Center on behalf of the cybersecurity team. He was selected as a Wells Fargo Global Fellow, whereby he helped a Philippine Micro Finance Bank and its clients in conjunction with Bankers Without Borders.  He is the former CTO of shared services for Wachovia, leading technology for Core Banking, Bank Operations, Finance, Risk, Legal and Marketing business units.


Category: News. July 25, 2024