Secure The Operations
Operations are responsible for managing the live environments; their duties can be summarised as Protect | Detect | Respond. Response actions should be scripted in advance so that they can be triggered as needed, rather than having to think and act on the fly under the pressure of a live incident.
Operations must monitor everything that is happening and look for unexpected events or failures; should one occur, they implement incident response protocols to take the appropriate preventative measures or contain any damage.
Threat intelligence is knowing the latest security landscape and the possible threats, which helps in planning in advance how to respond; the aim is to avoid surprises and the unexpected.
After any incident, forensics and root cause analysis should be done, in particular to determine whether the confidentiality, integrity or availability of the data and associated applications has been compromised.
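One concrete way the integrity and availability questions get answered during forensics is to compare the post-incident state of a system against a known-good baseline recorded before the incident. The example below is added here and is not from the original page: it builds a SHA-256 manifest from a constructed "golden" snapshot, compares a constructed post-incident snapshot against it, and reports what changed (an integrity concern), what is missing (an availability concern) and what appeared that was never there (also integrity). File paths and contents are placeholders, and in real use the baseline would be stored separately from the system it describes so that the attacker cannot alter both.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files):
    """files: dict of path -> bytes captured from a known-good system.
    Returns the manifest: path -> sha256 hex digest."""
    return {path: sha256_hex(content) for path, content in files.items()}


def compare_to_baseline(baseline, current):
    """Classify differences between a manifest and the current file contents."""
    changed = sorted(p for p in baseline
                     if p in current and baseline[p] != sha256_hex(current[p]))
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"changed": changed, "missing": missing, "added": added}


def cia_impact(diff):
    """Map the raw differences onto the integrity / availability questions
    that the root cause analysis has to answer."""
    return {
        "integrity_compromised": bool(diff["changed"] or diff["added"]),
        "availability_compromised": bool(diff["missing"]),
    }


# Constructed known-good snapshot (placeholder paths and contents).
GOLDEN = {
    "/etc/app/config.yml": b"mode: prod\n",
    "/opt/app/bin/server": b"\x7fELF-placeholder",
    "/var/app/data.db": b"rows=100",
}

# Constructed post-incident snapshot: config edited, database gone,
# an unexpected hidden binary present.
POST_INCIDENT = {
    "/etc/app/config.yml": b"mode: prod\ndebug: true\n",
    "/opt/app/bin/server": b"\x7fELF-placeholder",
    "/opt/app/bin/.helper": b"unexpected",
}


if __name__ == "__main__":
    diff = compare_to_baseline(build_baseline(GOLDEN), POST_INCIDENT)
    print(diff)
    print(cia_impact(diff))
```

Hashing the whole content, rather than trusting timestamps or sizes, is what makes this useful as evidence: a modification that preserves size and mtime still changes the digest.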
And finally, business continuity is about having processes in place to keep the business running during major disruption or disaster, such as an earthquake, power outage, fire, cyber attack, etc.