Incident Response - Moving beyond the plan
Many organisations have an Incident Response Plan but never test its effectiveness by simulating a potential security incident, an exercise that pre-conditions the response team's behaviour for when a real incident occurs. The Incident Response Execution Pack from Kaon Security will bring your response team together and give them a dose of reality that will see them operate as a cohesive unit when responding to an incident.
The key elements of our Incident Response Execution Pack are:
Assess your current state of Incident Response readiness by:
- Reviewing your existing Incident Response information, plan, templates and guidelines
- Identifying any gaps and areas of concern
- Reviewing current roles and responsibilities
Prepare and Deliver Phase
Walk your team through an Incident Response scenario using a random sample playbook to:
- Assist in formalising the appropriate roles and responsibilities to handle an incident
- Present and discuss suitable Incident Response supporting documentation
- Formalise tailor-made supporting forms – branded and customised
- Formalise the 19 tailor-made playbooks – branded and customised to follow your organisation's structure
- Walk your team through a Simulated Incident Response exercise for Ransomware, or your choice of one Incident Response scenario from the tailor-made playbooks
The benefit of having a comprehensive IR plan (including a bespoke set of playbooks) is that you can improve the speed and effectiveness of your team in dealing with a real-life incident. Our Incident Response experts can assist an organisation to develop an IR plan, or refresh the key components of an existing one.
To ensure the IR plan execution steps are clearly understood, we can formalise the “war room” structure, walk through an IR scenario using a sample playbook, and prepare suitable supporting IR documentation, including a library of 19 IR playbooks.
The IR Playbooks follow NIST and OODA methods when aligning with the ISO 27035 (Incident Response Plan), 27037 (Handling Digital Evidence), and 27043 (Incident Investigation) standards.
Contact Mike or Steve if you would like to book a session to take a closer look at the Incident Response Execution Pack.
Essential Eight - programmatic improvement
Directors and Senior Executives are increasingly aware of the call for “cyber resilience” in order to reduce the impact of cyber attacks on their organisation.
The Australian Cyber Security Centre (ACSC) keeps pace with the latest cyber threat tactics and publishes a baseline of mitigation strategies, called the “Essential Eight”, which are applicable to organisations of all sizes. Assessing your maturity against the Essential Eight and creating an improvement plan is strongly recommended to help you maximise resilience and effectively manage the risks associated with evolving adversary tactics.
Some questions to consider are:
- What is our current maturity status, and what should our target maturity be?
- How are we verifying our self-assessed maturity, and are there any gaps that we may have overlooked?
- What is a sensible plan for Essential Eight maturity improvement?
Kaon Security assists organisations in addressing the above points, and can provide programmatic assistance to execute an Essential Eight improvement plan. Click Here for more details.
Contact us today to discuss how we can assist.