The Israeli National Cyber Directorate has published its recommendations regarding the establishment, as well the qualifications of crisis management and incident response ("IR") teams in organisations. The document was published in light of the accelerated growth of cyber-attacks, which might cause significant harm to small organisations, as well as to an entire sector and even at a national level.

The document includes, inter alia, the following key recommendations:

  • The IR team shall include a team leader, and the team members should know how to handle data collection, data analysis and the blocking of malicious activity. It is also recommended the team include a reverse engineer and malware analysis experts;
  • The organisation shall establish the decision-making process and communication methods in advance in the event of a cyber incident;
  • The organisation shall implement internal policies which determine mandatory and restricted actions to be taken in case of an incident (such as data retention and deletion, device connectivity, and more);
  • The organisation shall map its core processes as well as the most important cyber assets, and manage their risks accordingly;
  • An annual simulation/exercise is highly recommended; and
  • The IR team shall have sufficient technology in order to enable it to respond to a cyber event, such as snipping tools, tools for detection of malicious activities (including anomaly-detection tools), and tools enabling data backup and recovery.

We would be happy to provide further advice and recommendations concerning the Israeli National Cyber Directorate's recommendations and their legal and practical implications.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.