
Incident Response Technology Planning

The process of improving security.

CDW Expert

A comprehensive incident response plan is key to successful security, but it requires a thoughtful approach and a point-by-point plan.

Working with CDW on Improved Incident Response

PHASE 1

Preparation

Prepare for the inevitable by developing a plan to respond to an incident more effectively.

  • Secure executive sponsorship
  • Identify your organization’s cyber insurance requirements related to incident response
  • Identify your organization’s most valuable assets
  • Establish a cybersecurity framework baseline
  • Perform a maturity assessment, gap analysis and a penetration test to identify gaps
  • Prioritize and address identified gaps
  • Create a threat model to understand the types of incidents your organization is most vulnerable to and their potential impact
  • Identify compliance and reporting requirements
  • Properly define roles and responsibilities and establish a communication plan to be used during an incident
  • Develop an incident response plan, including processes and procedures
  • Develop a playbook and conduct tabletop exercises
PHASE 2

Instrumentation

Security teams need the right instrumentation to detect, contain and eradicate threats.

  • Consult an expert to identify gaps in your existing security instrumentation
  • Ensure proper segmentation and isolation of business units based on user roles and devices present on the network, to isolate incident impact and prevent lateral movement
  • Invest in Endpoint Detection and Response (EDR) and Next-Generation Anti-Virus (NGAV) solutions to provide comprehensive visibility into endpoint activity critical to detecting, investigating and mitigating advanced cyberthreats
  • Centralize logs and leverage an event log management solution to detect and investigate unusual or suspicious activity across the enterprise environment
  • Collect network telemetry to identify and track atypical network traffic and baseline deviations
  • Minimize the attack surface of your environment through comprehensive vulnerability management solutions

PHASE 3

Maintenance

Organizations and threats constantly evolve. Conduct regular reviews of your incident response program.

  • Implement continuous monitoring through a managed detection provider
  • Perform regular tabletop exercises to validate the efficacy of your incident response program
  • Perform regular patch maintenance on your servers
  • Conduct regular reviews and testing of your incident response plan and update it as necessary
  • Leverage purple team exercises to evaluate the efficacy of your incident response team
  • Learn from security incidents within and outside of your organization
  • Stay abreast of the latest trends and attacker techniques and adapt your incident response program as necessary

CDW Services to Support Your Incident Response Journey

CDW Advisory Services

Assess your cybersecurity environment.

CDW Security Maturity Assessment

Establish a cybersecurity strategy based on industry-standard frameworks.

CDW Amplified™ Detect and Respond

Proactive help identifying and responding to an array of breach types.

Discover how CDW can help improve your incident response plan.

Contact your account team, or give us a call.

800.800.4239
