8. Certification (prove you now have appropriate safeguards)

You'll need to defeat the attack, for example by removing malware that has been placed in your network. 

You'll also need to prove to your customers and suppliers that they can trust you again, by certifying that you have strengthened your defences. This may include the certification of your suppliers, for example any cloud providers that store data or run applications for you.

BUT before you start to fix your systems, ensure that any forensic imaging and other investigations needed to determine the extent of the breach have been defined.

Members can call for advice on which certifications will be most appropriate and cost-effective to obtain.

Examples of certification schemes and standards:

CSA STAR: Cloud Security Alliance - Security Trust and Assurance Registry
Cloud Computing Certification Schemes List: European Union - ENISA
Cyber Essentials Plus: UK Government supported
ISO 27001: Information Security Management System - BSI
ISO 31000: Risk Management - Global Institute for Risk Management
NIST 800-39: Managing Information Security Risk - National Institute of Standards and Technology, USA
PCI DSS: Payment Card Industry Data Security Standard