Maturing IR Capabilities into an Incident Management Program – Part 1 of 3
We’ve all heard that it’s not a matter of “if,” but “when.” This statement, while becoming its own stale mantra of sorts, is still the impetus for the necessary and dramatic shift taking place across enterprise-level cyber security program strategy.
Incident response has become one of the most critical aspects of any overall security strategy, but a solid incident response program (IRP) is something many organizations – both large and small – either lack entirely or don’t take seriously enough.
What makes a good IR plan? Maybe more importantly, what makes a bad one? What IR planning mistakes have Optiv experts helped organizations overcome?
In this three-part blog series, we aim to answer these questions and more.
As a foundation, there are some critical security program components that need to be identified before an organization can build a response plan or in-house capability. Three key supporting components are:
Good incident response plans incorporate a full complement of stakeholders across the enterprise. An IR playbook is required for the technical response tactics, forensics, chain of custody for evidence, etc. However, a full response plan incorporates legal, enterprise risk stakeholders, business line owners and marketing/communications.
Formulating the plan requires a programmatic approach and must take into account a company’s most critical assets and business processes. From there, identifying business line stakeholders, or involving the key people who have the most insight into those critical assets and business processes, along with the actual security incident response owners, legal and ERM, provides an enterprise-wide view of what constitutes a full response plan.
Incident prioritization must take into account varying enterprise stakeholder perspectives. Key response and recovery procedures must include designated points of contact within each stakeholder group. Good IR plans include procedures and points of contact within each phase of an incident: preparation, detection, analysis, recovery and post-incident.
Traditionally, companies assume that information technology and/or information security/risk owns IR planning, which is not always the case. Unfortunately, IR planning is too often “event-driven” and doesn’t receive the proactive recognition or attention it requires. Unrehearsed and unstructured incident “reaction” typically results in miscommunication, mishandling of evidence and, ultimately, a very expensive and embarrassing lesson.
IR planning is too often viewed as a project, instead of an ongoing program. It is viewed as a “necessary evil” instead of adding value to the company. The plan has to be a living document which is constantly tested, reviewed and updated to account for lessons learned and changing industry conditions or environment upgrades/installs.
In part two of our blog post series, we will move to the more tactical and specific aspects of IR planning – the mistakes Optiv’s expert IR consultants consistently find companies making when creating their IR plans, and how to learn from those mistakes to institute a solid plan.
June 10, 2016