Incident Response – Anatomy of an Incident Response Test Plan PT 2
Caleb Coggins: Director of Compliance Services
Mark Repka: Security Consultant
Michele Adelaar: Security Consultant
Testing your Incident Response Plan as discussed last week is critical and an external requirement for some organizations (e.g., PCI DSS compliance). For PCI, testing must occur at least annually and include lessons learned postmortem to update or evolve the plan. The two common IR test methods are a Tabletop Exercise and Functional Exercise (Simulated Attack). Your test approach should align with the steps documented in your IR Plan, regardless of the testing method you have selected.
As outlined in NIST SP 800-84, the following steps help an organization to prepare for and conduct a test of its Incident Response Plan and procedures.
As with many cyclical, iterative processes, the Incident Response Lifecycle does not officially end. After the completion of a test, after action items may be assigned to personnel for continued improvement and in preparation for the next periodic IR test. One of the interesting results of an IR test is the identification of gaps in procedure or tools. Where are the blind spots within our organization’s logging and monitoring solutions? Are our procedures sufficiently detailed and clear, so that responders understand what needs to be done, in a given situation? Organizations increasingly rely on playbooks to define (and automate) responses to predictable events. These playbooks may originate externally and be modified to conform to an organization’s unique characteristics. For example, the Cybersecurity and Infrastructure Security Agency (CISA) has a Ransomware Guide resource that is publicly available and useful guidance for security controls preparation, IR planning, and IR response procedures.
Looking for a knowledgeable partner for your cybersecurity and compliance efforts? We're Here To Help!
Here at MegaplanIT, we have decades of experience handling incident response plans, testing, and analysis of threats to production environments. Our SOCaaS can aid you in identifying and responding to security events and malicious activities within your environment. Our dedicated consultants advise on incident response plan scenarios, custom-tailored to your organization, minimizing impact to your team while maintaining the maximum return on investment. Reach out today, for assistance with creating a test or reviewing processes for compliance.
Share this post
Subscribe To Our Newsletter
Post By Topic
Industry Leading Certified Experts
Subscribe To Our Newsletter & Stay Up-To-Date
Explore Our Blogs
Whitepaper | 10 min Read
Developing An Effective Compliance Program
This whitepaper provides organizations with a path forward. We will walk through aspects of an effective compliance program and how it can be valuable to your business. We will also outline critical steps towards developing and implementing a useful and effective Compliance Program.
New Service Offering | Contact Us
Ransomware Preparedness Assessment
As new vulnerabilities emerge in response to ongoing geopolitical threats, are you confident that your organization could defend against a ransomware attack? If not or if you are unsure, MegaplanIT is offering a Ransomware Readiness Assessment free of charge for up to 50 Systems.
ResourceGuide | 8 min Read
Cybersecurity Roadmap For 2022
Companies need to be aware of their current state, where they need improvement, and how to be proactive moving forward. Dialing in on the key elements your organization will need to succeed is a great starting point to having a full-fledged plan in place, and it all comes down to the fundamentals.
We're Here To Help
We look forward to talking to you about your upcoming Security Testing, Compliance Assessments, and Managed Security Services priorities. We are ready to help and discuss more information with you on our comprehensive list of services.
Make Our Team, Your Team!
Our innovative IT security and compliance solutions are designed to deliver customized, cost-effective service on time—because your priorities are our priorities. With a highly qualified team of PCI-DSS QSAs, Penetration Testers, and Information Security Consultants here at MegaplanIT, we will assess your unique company and business environment and design a path to security that will fit all of your needs.
Ransomware Assessment Preparedness
Cybersecurity Roadmap For 2022
Developing And Maintaining An Effective Compliance Program
As new vulnerabilities emerge in response to ongoing geopolitical threats, are you confident that your organization could defend against a ransomware attack?
A Cybersecurity Roadmap details priorities and objectives to drive progress towards security goals. The roadmap follows a data-driven path based on answers to critical questions
This whitepaper provides organizations with a path forward. We will walk through aspects of an effective compliance program and how it can be valuable to your business