20 October 2022
When was the last time you tested your incident response plan?
In the last few weeks a number of high profile organisations have become front page news due to data breaches.
Testing your incident response plan is critical for a range of reasons including –
- It’s important to confirm that the defined roles and responsibilities assigned to your response team are appropriate.
- Testing will help team members to understand and remember the actions they need to take.
- The team will gain better clarity as to how a triage and escalation process works in the real world.
With practice staff should build confidence and be in a better position to handle a pressured situation when it arises.
Kaon Security can facilitate a tabletop exercise which will see you gather all your key players together, pose some breach scenarios and have everyone talk through their part of the response, as detailed by the plan. The value derived from this approach is that you will quickly identify gaps in the plan and its execution, raise some questions that need to be addressed and draft an action items list.
The key elements of our Incident Response Optimisation service are:
Assessment Phase
- Assess your current state of Incident Response readiness
- Review your existing Incident Response information, plan, templates and guidelines
- Identify any gaps and areas of concern
- Review current roles and responsibilities
Prepare and Deliver Phase
- Walk your team through an Incident Response scenario using a sample playbook
- Assist in formalising the appropriate roles and responsibilities to handle incidents
- Present and discuss suitable supporting Incident Response documentation
- Formalise a comprehensive library of tailor-made playbooks based on common incident response scenarios – branded and customised to match your organisational structure
- Each playbook comes in 2 versions outlining specific details for the Incident Manager and Incident Responder roles
- Create reporting templates – branded and customised
- Incident response plan drafted and aligned with playbooks and reporting templates ready for approval and to socialise internally
Having a comprehensive IR plan (including a bespoke set of playbooks) will improve the speed and effectiveness of your team in dealing with a real-life incident.
Our Incident Response experts can assist an organisation to develop an IR plan, or refresh the key components of an existing one.
Click here to view information on our Digital Forensics and Incident Response services.
We can also provide assistance to those organisations that wish to move beyond the tabletop exercise and opt to take a more in-depth approach to testing their response plan. Contact us today.