CBEST & STAR Services

Incident Response Strategy Planning

Incident Response Strategy Planning

As organisations come to terms with the evolving cyber threat, many executives are looking to build and enhance their incident response plan.

What initially sounds like a trivial exercise actually requires significant analysis and planning. It isn’t simply a case of “if we get hacked – phone the local law enforcement agency”. It requires a much more robust analysis of understanding data assets, understanding threats, marrying these to protective and detection controls and then building a plan that moves from containment through triage, irradication and on to reporting and communication.

Looking for an incident response plan?

As a long standing member of the CREST cyber security incident response program, Nettitude has been delivering sophisticated incident detection and response services for many years. We have a team of dedicate analysts and consultants that are able to ad-hoc and retain incident response services. In addition, our consulting team provide strategic incident response planning services to support organisations build their own incident response capability.

For an organisation to build a response strategy, it is necessary for them to have a firm understanding of how they would detect an attack in the first instance. All to often, organisations are only alerted to the fact that they have been compromised by their bank, a business partner, a customer or by a nationalised threat intelligence service.

Incident Response Strategy Planning

Key elements of incident response planning service

Identification and review of key assets

Review of threat intelligence and likely threat actors and threat groups

Review of risk register and risk appetite

Assessment of detection capability, (technical, procedural, human)

Review of regulatory, legislative and compliance requirements

Review of process and people interconnects (customers, suppliers, business partners)

Point in time Incident Response Maturity Assessment (IRMA)

Incident response objective definition

Communication requirements

Through conducting a thorough review of all of these elements, Nettitude will build a tailored incident response plan that is appropriate to an organisations threats and risk appetite. As part of this service, we will generate a library of policy and procedure documents that define a plan that is consistent with the organisation requirements.

Key benefits of incident response planning service

The benefits of having a defined cyber incident response strategy are:

You will develop a good understanding of your information assets

You will develop a strong understanding of the threats that are relevant to your organisation

You will have awareness of regulatory and legislative requirements that apply to your organisation

You will have a defined and measured strategy document that catologues what needs to be done in the event of an incident

You will have a stronger likelihood of being able to detect, contain and respond to a cyber attack

Testing your cyber incident reponse strategy

Having a plan is one thing, but ensuring that it functions and that people, process and technology are aligned with the plan is something completely different. As a consequence, when Nettitude builds an incident response plan, they also provide a series of scenario enactments with the organisation. During this process, Nettitude will walk through the steps that need to function correctly at the point of an incident being detected.

Nettitude believes that this shouldn’t be a ‘define and forget’ process. For an incident response plan to be effective, it must be tested periodically as part of a wider assurance program. New threats and vulnerabilities are identified on a near daily basis and as a consequence, organisations need to ensure that their response plan is maintained to reflect the evolving cyber landscape. As a consequence, Nettitude provides on going incident response assessment services. These are a paper based walkthrough of a scenario, in which the incident response plans effectiveness is assessed against.

Intelligent Cyber Security and Risk Management  0345 5200 085    solutions@nettitude.co.uk