Organisations today operate in an increasingly complex threat environment where cyber security attacks and associated incidents are commonplace. Breaches of corporate and government systems and information are occurring more regularly and with more sophistication and severity than ever before. These incidents often lead to significant and ongoing business impacts long after the incident has occurred. Security incidents can have a huge cost impact on a business, its customers and supply chain, including direct costs associated with recovery efforts and the often more devastating costs associated with reputational damage, costly remediation activities and increased regulatory scrutiny and reporting obligations.
An organisation’s ability to respond appropriately to a cyber security incident is a critical capability that must be developed. Similar to business continuity and disaster recovery, cyber security incident management requires a well thought out strategy and plan, along with the associated people, process and technology capabilities to support the plan.
Our Incident Response Planning & Testing Process
Business Aspect provides expert advisory services to assist our customers in the many facets of incident response planning and has mature and proven services and experience in the development of Cyber Security Incident Response Plans and associated capabilities. These extend throughout the lifecycle of incident management, including:
- Development of Cyber Security Incident Response Plans
- Development of playbooks required to respond to specific incident scenarios, such as Data Breach or Ransomware attacks
- Development of communications plans and processes
- Training and awareness with incident responders and general user incident awareness
- Testing of Cyber Security Incident Response Plans through scenario testing and role playing
While cyber security incident response plans follow a fairly standardised process, they should be tailored to the specific organisational context, threat environment and resources that are available. Likewise, they need to be integrated and aligned with other organisational response plans and capabilities, such as crisis management, communications, business continuity and disaster recovery. They also need to consider the organisation’s incident detection capabilities, a complex area in its own right that is often referred to as Security Information and Event Management (SIEM).
The Business Aspect team create the Cyber Security Incident Response Plan and supporting artefacts in collaboration with the internal people who will own and maintain the plan, to assist with the transition from an initiative to business-as-usual activities. We ensure that incident response plans define what an incident is, along with the scope of incidents and environments covered, response teams, roles and responsibilities, incident management preparation and planning, incident identification and severity, incident monitoring and containment, incident handling, eradication, recovery, and incident reporting and follow-up, including lessons learned.
We work closely with business and IT leadership and stakeholders to ensure alignment is maintained with existing incident detection and escalation processes, communications strategies and disaster recovery capabilities. We also understand the regulatory and compliance environment that our customers operate in to ensure that plans and processes align with regulatory obligations, internal policy and cyber insurance requirements.
With Business Aspect’s expert advice and advisory outcomes, your organisation can develop an efficient and effective cyber security incident response capability that aligns with your organisational context, threat environment and available resources, reducing the impact of an incident and ensuring effective communications with associated stakeholders.