Cybersecurity Management Guidelines Ver 1.1
CSM_Guidelines_v1.1_en
CSM_Guidelines_v1.1_en
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
• Determine impacted area with not<br />
only function of device or software<br />
but also security experts.<br />
• Establish a help desk or procedure to<br />
respond to inquiries regarding<br />
attacks or damage from external<br />
organizations or to provision of<br />
information from them...<br />
Perform regular drill for personnel<br />
Perform drill for incident response and<br />
targeted attack. Ensure that discovery of<br />
spam mail should be reported to the<br />
applicable desk rather than accusation<br />
of opening it.<br />
• Unless an appropriate log is saved for a reasonable<br />
period at an appropriate device even if<br />
communication with external device is confirmed, it<br />
is impossible to ascertain the scope of damage as to<br />
how further and when devices are infected.<br />
• Without any drill in preparation for incident, attackers<br />
can easily invade a system.<br />
• It should be recognized that a targeted mail can be<br />
inevitably opened. Accusation of opening a spam<br />
mail at the training session might lead to more<br />
damage due to unwillingness to report spam mail<br />
upon the actual receipt.<br />
response against advanced cyber-attack" by<br />
JPCERT/CC<br />
29