Develop and Implement a Security Incident Management Program


Create a scalable and cost-effective incident response program. 

Major Business Pain Points

  • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks. 
  • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being re-victimized by the same vector.
  • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it. 

Recommendations

Key Points

  • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases. 
  • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector. 
  • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats. 

Approach

  • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities. 
  • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization. 

Methodology and Tools

Executive Brief

Read the concise Executive Brief to find out why you should develop and implement a security incident management program and review the methodology. 

  • Develop and Implement a Security Incident Management Program – Executive Brief
  • Develop and Implement a Security Incident Management Program – Phases 1-3 

1. Prepare 

Equip your organization for incident response with formal documentation of policies and processes. 

  • Develop and Implement a Security Incident Management Program – Phase 1: Prepare
  • Security Incident Management Maturity Checklist  Preliminary 
  • Information Security Requirements Gathering Tool 
  • Incident Response Maturity Assessment Tool  
  • Security Incident Management Charter Template  
  • Security Incident Management Policy  
  • Security Incident Management RACI Tool  

2. Operate

Act with efficiency and effectiveness as new incidents are handled.

  • Develop and Implement a Security Incident Management Program – Phase 2: Operate
  • Security Incident Management Plan 
  • Security Incident Runbook Prioritization Tool 
  • Security Incident Management Runbook: Credential Compromise  

Security Incident Management Workflow: Credential Compromise (Visio)

  • Security Incident Management Workflow: Credential Compromise (PDF)
  • Security Incident Management Runbook: Distributed Denial of Service

Security Incident Management Workflow: Distributed Denial of Service (Visio)

  • Security Incident Management Workflow: Distributed Denial of Service (PDF)
  • Security Incident Management Runbook: Malware

Security Incident Management Workflow: Malware (Visio)

  • Security Incident Management Workflow: Malware (PDF)
  • Security Incident Management Runbook: Malicious Email

Security Incident Management Workflow: Malicious Email (Visio)

  • Security Incident Management Workflow: Malicious Email (PDF)
  • Security Incident Management Runbook: Ransomware

Security Incident Management Workflow: Ransomware (Visio)

  • Security Incident Management Workflow: Ransomware (PDF)
  • Security Incident Management Runbook: Data Breach

Security Incident Management Workflow: Data Breach (Visio)

  • Security Incident Management Workflow: Data Breach (PDF)
  • Data Breach Reporting Requirements Summary
  • Security Incident Management Runbook: Third-Party Incident

Security Incident Management Workflow: Third-Party Incident (Visio)

  • Security Incident Management Workflow: Third-Party Incident (PDF)
  • Security Incident Management Runbook: Blank Template

3. Maintain and optimize 

Manage and improve the incident management process by tracking metrics, testing capabilities, and leveraging best practices.

  • Develop and Implement a Security Incident Management Program – Phase 3: Maintain and Optimize
  • Security Incident Metrics Tool
  • Post-Incident Review Questions Tracking Tool
  • Root-Cause Analysis Template
  • Security Incident Report Template

Related content: 

© 2021 Cyber Resilience Pty Ltd 

 Privacy Policy | Terms of Service

>