Responding to Cyber Security Incidents
by Peter Tonkin, Operations General Manager, Cenitex
If there’s one thing we know about cyber security, it is that we have more foes than friends out there looking to exploit any weakness in our defences—especially those of us, like me, working in government.
As General Manager for Operations at Cenitex, the Victorian Government’s shared IT service provider, I have seen major severity incidents trending up over the last 24 months. And we can expect that to continue, if not increase.
While there are known unknowns, this trend is not one of them. In response, at Cenitex we are continually evolving our security processes and posture to keep one step ahead of threats. We have expanded our cyber security management capabilities with the establishment of a Shared Cyber Security Working Group. The group brings our customers’ key cyber security officers together to share knowledge, coordinate activities and strengthen our collective posture. We have also bolstered our cyber security personnel, including appointing a Chief Information Security Officer (CISO) and a Security Architect. Cenitex has also been a key contributor to the creation of the Victorian Government’s first Cyber Security Incident Management Plan.
Hand in hand with these continuous increases to our cyber security management capabilities, we have, naturally, also been learning from our experience with individual cyber security events. While our cyber security response reflects the best practice framework of IPDRR—identify, protect, detect, respond, and recover—and has not changed, we have made important changes to our processes to reflect the unique situation of each incident.
Speaking at the recent itSMF Victorian seminar, I summarised three key learnings from our experience responding to cyber security incidents from an incident management perspective.
1. Keep doing what you’re doing … and just tweak at the margins
Ensuring your organisation already has learned, consistent and effective incident management processes for routine technical