Share
Cybersecurity Incident Management Planning
Cybersecurity incident management planning aims to create the proper set of documented policies and playbooks which are followed in the event of a security incident. To ensure effectiveness, policies should be customized to best fit the organizational structure, company culture and operations. The core policy should include:
- The mission statement
- Objectives
- Definitions
- Severities
- Contact information for involved parties
- Quick forms
- Mandatory compliance
- Insurance policies
- Basic scoping of the incident (type and severity)
Playbooks are processes comprised of graphical flowcharts accompanied by a narrative in textual form. They tell various stakeholders what to do during a security incident in order to get to resolution effectively and efficiently.
Motivations that underly cybersecurity incident management planning include, but are not limited to:
- Insurance requirements
- Compliance requirements
- Customer/contract requirements
- Proper operational management of incident cases by the Security Operations Center (SOC), CIO and/or CISO
- Proper awareness, preparation and support of key business stakeholders:
- Business lines
- IT teams
- Security teams
- Risk teams
- Legal teams
- Insurance provider(s)
- Executives
- Board of directors.
- Preparation of the technical procedures writing work to support automation, standardization and reproduceable work
- Enablement of incident management training (table-top exercises)
- Facilitation of the SIEM/SOAR use-cases implementation
- Support of cyber threat intelligence analysis and historical threat mapping
- Facilitation of “lessons learned” after a security incident
Take the next step to
engage with Canary Trap
engage with Canary Trap
If you require our cybersecurity services please share your details below and we will be in touch!
Canary Trap’s approach to cybersecurity incident management planning combines several activities to ensure a robust engagement:
- Interviews with various key business stakeholders to define:
- Organizational culture
- Organizational structure
- Operational processes and ways of doing things
- Gap analysis of requirements:
- Incident management core needs
- Dependencies and alignment needs
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Review of existing documents, processes, contracts, policies
- Writing the core policy
- Design of the playbooks
- Writing the narratives
- Table-top exercise to validate the general policy and flows
Canary Trap combines human expertise with sophisticated tools, proven methodologies and, where appropriate, threat intelligence to ensure a thorough, in-depth approach to security testing and assessments.
For more information, please complete our Scoping Questionnaire or Contact Us.
