Information Security Incidents are inevitable and although they differ in severity, most (if not all) requires some degree of response, even if the response is automated in the case of low severity incidents.
Severe incidents require a human lead response across multiple levels and business functions in the organisation to ensure its ongoing function. The resiliency of the organisation in the event of a serious security incident or breach, will depend on the effectiveness and maturity of its incident response plan and processes. Organisations of all sizes must think about security and incident response in fundamentally different ways than they did 10 years ago.
At Ntrust Advisory, we believe in the concept of “Continuous Response” and we assist organisations in maturing their Incident Response programs from a reactive to a continuous one.
Building Capacity and Capability
Incident Response Lifestyle Framework
Readiness Assessment
Ntrust Advisory’s Incident Response Readiness Assessment assists organisations in assessing the maturity of its Incident Response capability. Maturity is measured across 15 functions of Incident Response, giving the organisation a detailed view of capability and capacity to respond effectively to an information security incident, breach or compromise.
Risk Assessment
Risk assessments determines the risk that your information assets are exposed to and includes an industry specific threat assessment and gap analysis of security controls, based on your selected framework or best practice. Knowing the risks and associated threats that the organisation faces assists in formulating an effective Incident Response program and playbooks.
Policy and Playbook Development
Policy is the start of all security and an Incident Response Policy sets the ground rules for how an organisation responds to information security incidents. Playbooks guides incident responders in the event of specific incidents and allows for response efforts to happen in a systematic manner, reducing panic and enabling the incident to be handled confidently and promptly.
Compliance and Regulatory Alignment
Data protection and privacy regulations often require specific actions in case of an incident or breach and a practical Incident Response program can enable an organisation to fulfil these requirements. In order to be compliant to various information security standards and best practices, and fully fledged Incident Response plan is more often than not a requirement.
Tabletop Exercises
On-site Incident Response Tabletop Exercise tests and identifies possible gaps and inefficiencies in current processes, in light of new threats or discovered vulnerabilities. Our tabletop exercise approach can be performed in a classroom or breakout group format to help determine how participants respond based on the processes currently in place.
Breach Disclosure
Worldwide countries are adopting Mandatory Breach Disclosures laws, requiring organisations to disclose an information security breach within a set timeframe. Ntrust Advisory assists organisation with a breach disclosure strategy and can formulate breach disclosure documents and processes in the case of an actual breach.
Post Incident Analysis (Lessons Learned)
At the conclusion of an incident respond exercise, Ntrust can perform a debrief, or Post Incident Analysis to review the performance of the Incident Response Plan, identify the lessons learned and discuss with management where improvements should be made. These lessons learned or observations should then feedback and update the relevant Incident Response Playbooks and Policies.
