Manage cybersecurity incidents effectively and efficiently.

Cybersecurity incident management planning aims to create the proper set of documented policies and playbooks which are followed in the event of a cybersecurity incident. To ensure effectiveness, policies should be customized to best fit the organizational structure, company culture and operations.

The core policy should include:

• The mission statement
• Objectives
• Definitions
• Severities
• Contact information for involved parties
• Quick forms
• Mandatory compliance
• Insurance policies
• Basic scoping of the incident (type and severity)

Playbooks are processes comprised of graphical flowcharts accompanied by a narrative in textual form. They tell various stakeholders what to do during a cybersecurity incident to get to resolution effectively and efficiently.

Motivations that underly cybersecurity incident management planning include, but are not limited to:

• Insurance requirements
• Compliance requirements
• Customer/contract requirements
• Proper operational management of incident cases by the Security Operations Center (SOC), CISO and/or CIO
• Proper awareness, preparation and support of key business stakeholders
• Preparation of the technical procedures writing work to support automation, standardization and reproduceable work
• Enablement of incident management training (table-top exercises)
• Facilitation of the SIEM/SOAR use-cases implementation
• Support of cyber threat intelligence analysis and historical threat mapping
• Facilitation of “lessons learned” after a security incident

Canary Trap’s approach to cybersecurity incident management planning combines several activities to ensure a robust engagement:

• Interviews with various key business stakeholders to define:
  • Organizational culture
  • Organizational structure
  • Operational processes and ways of doing things
• Gap analysis of requirements:
  • Incident management core needs
  • Dependencies and alignment needs
    • Business Continuity Plan (BCP)
    • Disaster Recovery Plan (DRP)
• Review of existing documents, processes, contracts, policies
• Writing the core policy
• Design of the playbooks
• Writing the narratives
• Table-top exercise to validate the general policy and flows

Canary Trap combines human expertise with sophisticated tools, proven methodologies and, where appropriate, threat intelligence to ensure a thorough, in-depth approach to security testing and assessments.

For more information, please complete our Scoping Questionnaire or Contact Us.