
                Proactive Incident Response

                Incident Response Preparedness

                Taking a proactive approach

                Many people associate the term “incident response” with response, recovery and mitigation efforts following a major security breach. However, incident response is not just a reactive activity. As best practice and industry frameworks indicate, and as evolving adversaries and regulations demand, you need to consider proactive activities as well.


                Incident Response Lifecycle

                There are 4 key phases of incident response:

                • Preparation
                • Detection & Analysis
                • Containment & Eradication
                • Post Incident Activity

                Being Proactive Across the IR Lifecycle

                Knowing an incident is a likely scenario, you need to ensure that you have the capabilities and processes to detect and respond to security incidents so that you can be resilient to an attack and prevent more in the future. Incident Response Preparedness or Proactive Incident Response services provide you with expert help in the preparation phase (e.g. developing and maintaining a cybersecurity incident response plan) but can also assist with maturing your IR program, building new or developing existing capabilities, aligning to industry best practice and industry requirements, or providing preparation support across the lifecycle with:

                1. Preparation & Planning
                2. Exercises & Assessments
                3. Regular Reviews & Iteration
                Incident Response Preparation & Planning

                Despite an increasing number of breaches and rising risk, 54% of companies still don’t have an incident response plan. Regardless of maturity, developing a cybersecurity Incident Response Plan (CIRP) tailored to your requirements is the first step towards IR program maturity. To prepare and plan comprehensively, consider the variety of plan and process documentation that exists.

                Preparation: The Role of Education and Training

                Technical Workshops

                Well-meaning but inappropriate actions after an incident can destroy valuable evidence about how the attacker accessed the network and the extent of malicious activity. Hands-on, lab-based workshops allow students to practice fundamental skill sets and help ensure an efficient and effective response and hand-off to third-party emergency services.


                Understanding the Threats

                Understanding the threat to your organization and the risk you face is important when designing security programs and processes. Educational briefings provided by threat intelligence researchers and analysts can provide a relevant and targeted analysis that identifies areas of exposure and opportunity, and also help you take a threat-driven approach to developing your cybersecurity incident response plan and the scenario-based exercises best suited to your organization.

                Tabletop Exercises

                Simply planning for the inevitability of a cybersecurity incident does not ensure preparedness. Performing tabletop exercises is a low-impact mechanism to ensure team readiness and spot problems before they arise during real incidents. Tabletops can be technical or non-technical, typically serving to identify pitfalls and raise awareness across your organization and key stakeholders. Equally, for less mature organizations, a tabletop exercise can be used to help design a plan by bringing key considerations to the fore.


                Non-Technical Workshops

                While some workshops focus on technical education, it can also be worthwhile to have expert-led, facilitated dialogues on non-technical topics. These may include some form of interviews. Non-technical workshops are designed to raise awareness, understand stakeholder concerns or enable business buy-in. For instance, interactive workshops with key stakeholders of an IR plan can provide an alternative approach to a scenario-based exercise (tabletop).


                Exercising and testing a plan through tabletops enables teams to practice and raise awareness, but it also provides a forum to examine roles and responsibilities, unearth interdependencies, and evaluate plans so that you can iterate and improve.

                Review & Iterate

                To help identify weaknesses and opportunities in existing plans and processes beyond exercising your plan, consider other means to help guide improvement:

                CIRP & Documentation Reviews. Incident response consultants can help review and compare your CIRP against industry best practice (e.g. NIST, ISO), and draw from IR experience and expertise to offer recommendations to improve existing documentation. CIRP information does expire, so reviews and maintenance are needed on a regular basis.

                Comprehensive Program Assessments. These are more comprehensive reviews that go beyond merely reviewing documentation. They combine documentation review with stakeholder interviews, workshops, technical and non-technical exercises and hunting. The result is a holistic examination of different facets across your organization in order to understand strengths and opportunities for improvement.

                Lessons-Learned Analysis. Capturing lessons that can be learned from an incident also helps improve preparation and planning. These should feed and inform the Incident Response Preparation and Planning phase.

                Post-Incident Activity

                While lessons learned from exercises and tests provide valuable remedial actions and insights into an organization’s defense and response capabilities, capturing lessons that can be learned from an incident also helps improve preparation and planning. Lessons learned are a critical part of the response and recovery process, allowing you to identify ways across people, process and technology to decrease the likelihood or impact of a reoccurrence and iterate existing practices.
