Proactive Approach to Incident Response. Part 4 – Practicing your Incident Response plan
Practicing your Incident Response plan
Just having an Incident Response plan in place is not good enough. The IR plan should be drilled to check if it is viable under the circumstances of an attack. And for it to be practiced staff needs to be familiar with it. Then again, does all staff need to be familiar with all the plan, or is it sufficient for everybody to know their part in the plot?
Only if you try something out in practical terms can you discover if it really works or if there are gaps in the process which can turn out to be detrimental to the success of fighting an unexpected attack.
Some shortcomings of the plan could be:
- Realising the person who is the first point of contact in cyber emergency situations is off-site and ‘second in command’ is not named
- Because the computers are down due to the attack you must communicate using mobile phones, but part of the plant you need to communicate with does not have reception
- You need a whiteboard to document and communicate the progress of the incident as computers are down
- You don’t know what data exactly has been compromised as you don’t have an up-to-date inventory of all data sources
Practice makes perfect!
There is an online tool developed by NCSC called ‘Exercise in a Box’.
It provides exercises based around the main cyber threats which helps organisations test and practice their response to a cyber-attack and find out how resilient they and their IR plans are.
To access this free service follow the link below the article.
Do you require help in organising an IR plan practice?
If you would like us to organise an IR plan practice for your company, require advice on establishing a Security Baseline for your IT / OT environment, have questions regarding a Proactive Incident Approach for IT and OT solutions or would like us to provide training for your IT /OT teams, please contact SEQRED, we will be happy to help.
SEQRED specialises in providing tailored cybersecurity solutions for companies big and small. Our services cover Critical Infrastructure Protection, Security Audits, Penetration Testing or Threat Intelligence amongst others. For a full list of our services visit our website – www.seqred.pl.