As the number of security incidents and breaches of personal information increases, it has become a virtual certainty that organizations will have to be prepared to respond to these incidents. Unfortunately, developing this incident response capability can be costly and technically difficult.
DigitalDefence can leverage its experience in helping organizations to develop their own Incident Response Program. Once successfully implemented, an organization’s incident response can be managed like other business processes, and it can be effectively and efficiently launched to minimize damage to the organization.
To ensure a successful response to a security incident or breach, DigitalDefence has created the services to guide you in establishing and maintaining a successful incident response. These services include:
- Strategy and policy development
- Incident response readiness assessment
- The first responders workshop
- Table top and simulation exercises
An effective incident response requires an organization to have a defined strategy that is aligned with its business strategy and objectives. The incident response strategy will provide the executive and management level guidance that defines how an organization will protect its own, and its clients’, sensitive data.
The strategy must then be made “tactical” – a policy must be created that provides the rules for how incident response will be conducted across an organization. This policy will provide the guidance and constraints for implementing all incident response activities.
Finally, organizations should create specific incident “playbooks” that provide pre-approved and auditable records of technical responses to various security incidents.
If the client has already completed these governance steps, DigitalDefence can provide an objective review to ensure that they meet immediate requirements, and that they will support future operations.
DigitalDefence will work with clients to create an incident response strategy and all supporting documents.
DigitalDefence will assess your incident response capabilities by completing a formal Incident Response Readiness Assessment of your organization. Our team of experienced responders will conduct on-site interviews with key stakeholders to evaluate:
- Do you understand the threat environment, and the objectives, methodologies and tools used by attackers?
- Do you have a documented incident response strategy and plan, and do they provide effective guidance?
- Are executives and senior management prepared to manage an incident response?
- Do management and technical staff understand their roles and responsibilities during a security incident? If you plan on incorporating a third party into your response, are their roles and responsibilities aligned for maximum effectiveness?
- Do technical staff have the tools and training they need to recognize and respond to a security incident?
- Do technical staff have a documented “playbook” of pre-approved and defined responses to common threats and attacks such as physical intrusion, malicious software, ransomware, external hacker, data leakage, etc.?
- Are you prepared to coordinate with third parties in responding to an incident?
- How will your organization follow up after the incident to determine the extent of damage, the root cause of the incident, and what will be done to prevent the incident from occurring again?
- Are you aware of your legal and regulatory responsibilities in the event of a breach that releases your data to the public Internet?
After assessing your capabilities, DigitalDefence will provide you with a roadmap to efficiently migrate across the gaps to the most effective practices.
DigitalDefence has created the “First Responders Workshop” to provide management and technical staff with the knowledge they need to launch an immediate response against a security incident. Material covered during this 2-day workshop includes:
- Introduction to attackers (external, external), and the threat environment
- Review of attacker methodologies, with hands-on demonstrations and practice in implementing the most common attacks
- Recognizing a data security incident
- Planning including resource management, responsibility and authority delegation
- The incident response process, covering development of internal standard operating procedures, the computer security incident response team (CSIRT), notification and escalation processes, internal communications and public relations, reporting, lessons learned
- Responding to common attacks (scenario-based training)
- Supporting the collection of forensic evidence and litigation preparation, including collecting data from a live system
- Relevant laws and regulations, including privacy
The workshop culminates in a Table Top Exercise that allows students to practically apply their knowledge.
The workshop can be used as a stand-alone introductory training session, or as an important component of the Retained Incident Response service.
In incident response, it is critical that you “train as you fight, and fight as you train”. Your training must actively engage your incident responders, and they should be placed in realistic scenarios that prepare them for the incidents that they will be facing.
Because many of our consultants have military or law enforcement backgrounds, we have developed a unique industry-leading approach to effective incident response training that is customized to your specific business. DigitalDefence can provide the following:
- Table Top Exercises – Structured walk-throughs, guiding key stakeholders in responding to incident response scenarios
- Scenario-Based Training – Once table top exercises have been completed, full scenario-based training is the most effective means of validating that all persons know how to respond to a cyber incident
Ensures that an organization has the governance structure, formal documentation, and training in place to effectively respond to a cyber security incident
Supports the pro-active stages of an incident response, ensuring that a real response is rapidly and effectively implemented to minimize
Provides all employees with a deep understanding of the real-world risks faced by your organization; as a result, they are more likely to mount a stronger defence in maintaining your network’s security and privacy
Customized campaigns meet the specific needs of your organization, and your regulatory and legal environments