Cyber Scotland
Have a plan to prevent, detect, respond and recover from a cyber incident.
A fundamental aspect of cyber resilience relates to incident management, response and recovery planning. All organisations need to regard cyber risk as a business risk and put in place incident response plans that are tested regularly through exercising.
The NCSC defines a cyber incident as unauthorised access (or attempted access) to an organisation’s IT system/s. These may be malicious attacks such as denial of service attacks, malware infection, ransomware or more commonly phishing attacks.
An accidental action by an employee could also cause a security incident for example when a member of staff clicks on a phishing link within an email or downloading a seemingly legitimate piece of software as part of day to day work which contains a virus or malicious software.
Things that might indicate a cyber incident include:
It is good practice to have a Cyber Incident Response Plan in place that sets out the steps your organisation should take to prevent, detect, respond and recover from cyber attacks. Your plan does not have to be complex but it should be clear on the roles and responsibilities of key individuals who can take action. This should not sit in isolation and should be woven into the wider resilience, business and service continuity / disaster recovery planning.
The NCSC defines a cyber security incident as: A breach of a system’s security policy in order to affect its integrity or availability The unauthorised access or attempted access to a system Cyber incidents can take many forms, such as […]
Read more Incident Management in modal dialogYou can report Cybercrime as follows: By phoning 999 (emergency) or 101 (non-emergency) In person at any police station
Read more Report Cybercrime in modal dialog