Develop and Implement a Security Incident Management Program
Create a scalable incident response program without breaking the bank.
This content requires an active subscription.
Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.
Your Challenge
- Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
- The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.
Our Advice
Critical Insight
- Organizations can’t rely on “out-of-the-box” classifications anymore. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
- Results of incident response must be analyzed, tracked, and reviewed regularly. Otherwise a lack of comprehensive understanding of trends and patterns regarding incidents leads to being re-victimized by the same vector.
- Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.
Impact and Result
- Short term: Streamline the process of formalizing an incident management program customized to your organization-specific needs. Respond faster and more effectively by leveraging a mature process rather than starting from scratch.
- Long term: Once the program is in place, damage will be minimized. As incidents are properly tracked, analyzed and handled according to a well-defined process, potential breaches will be reduced to minor incidents.
Contributors
- Dave Millier,CEO, Uzado Inc
- Mahmood Sher-Jan, EVP & General Manager, RADAR Product Unit
- Matt Anthony, VP, Security Remediation Services, The Herjavec Group
- Jason Bareiszis, CSIRT Manager & Principal Security Architect, Tetra Tech
- Malcolm Brown, Industry Analyst Relations, Trend Micro
- Mark Bernard, CISO, Government, Financial Services, Manufacturing, Pharma, Legal
- Wayne Chung, Senior Consultant, Information Assurance, Eosensa
- Ali Shahidi, Chief Cyber Security & Computer Forensics, InfoTransec Inc.
- 5 anonymous contributors
Get the Complete Storyboard
See how all the steps you need to take come together, with tools and advice to help with each task on your list.
Download NowGet to Action
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
-
Prepare
Prepare your organization for incident response with formal documentation of policies and processes.
-
Develop and Implement a Security Incident Management Program – Phase 1: Prepare
-
Incident Management Stakeholder Proposal Template
-
Information Security Incident Management Policy
-
Information Security Incident Management Guide
-
Security Incident Use Case Development Prioritization Tool
-
Credential Compromise Use Case Template
-
DDoS Use Case Template
-
Malware Infection Use Case Template
-
-
Operate
Operate with efficiency and effectiveness as new incidents are handled.
-
Maintain and optimize
Maintain and optimize the incident management process by tracking metrics and leveraging best practices.
Guided Implementation
This guided implementation is a six call advisory process.
-
Call #1: Prepare documentation
-
Call #2: Develop incident use-case documents
-
Call #1: Discuss incident handling guidance
-
Call #2: Prepare post-incident activities
-
Call #1: Assess the success of the incident management program
-
Call #2: Optimize
Guided Implementation #1 - Prepare
Guided Implementation #2 - Operate
Guided Implementation #3 - Maintain and optimize
Onsite Workshop
Module 1: Prepare – Formalize Security Incident Management with Policies and Procedures
The Purpose
- Acquire executive support for the security incident management initiative.
- Identify the need for incident management.
- Formalize the incident management process.
Key Benefits Achieved
- Stakeholder support and approval to implement the program.
- Understanding of the benefits and purpose of the program.
- Standardized process with an official policy and guide.
| Activities: | Outputs: | |
|---|---|---|
| 1.1 | Assess the need for incident management |
|
| 1.2 | Acquire stakeholder support |
|
| 1.3 | Customize the incident response policy |
|
| 1.4 | Identify members of the Security Incident Response Team |
|
| 1.5 | Customize the Incident Response Guide |
|
Module 2: Operate – Develop Use Case Documents in Alignment with Incident Handling Processes
The Purpose
- Develop security incident use case documents to standardize the incident response process.
- Understand how to handle incidents from detection to post-mortem review.
Key Benefits Achieved
- Increased operational efficiency and clarity when handling incidents.
- Well-defined, mature process established.
| Activities: | Outputs: | |
|---|---|---|
| 2.1 | Prioritize the development of use case documents |
|
| 2.2 | Develop the use case documents |
|
Module 3: Maintain & Optimize – Track Metrics and Communicate Internally and Externally
The Purpose
- Assess the success of the security incident management process.
- Disclose the relevant information within the organization to spread awareness.
- Prepare public relation tactics and materials to efficiently address the situation and disclose what is being done to rectify it.
Key Benefits Achieved
- Benchmarks defined for future improvement goals.
- Consistency and efficiency within the organization when handling incidents.
- Minimized reputation damage and swift public response in the event of significant incidents.
| Activities: | Outputs: | |
|---|---|---|
| 3.1 | Determine metrics to track throughout the process |
|
| 3.2 | Customize communication templates for internal use |
|
| 3.3 | Prepare external communication plans |
|
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book NowSecurity Management Map
-
1Build a Security Awareness and Training Program
-
2Exploit Disruptive Security Trends for 2015
-
3Develop and Deploy Security Policies
-
4Build a Security Governance and Management Plan
-
5Hire or Develop a World-Class CISO
-
6Build an Information Security Strategy
-
7Optimize Security Operations without Overspending
-
8Develop and Implement a Security Incident Management Program
-
9Implement and Optimize an Effective Security Management Metrics Program
-
10Develop a Network Security Roadmap to Lower Incident Costs and Increase Efficiency
-
11Secure Critical Systems and Intellectual Property Against APT
-
12Ensure Cloud Security in IaaS and PaaS Environments
-
13Comply with the Security Requirements of HIPAA or SOX
-
14Defend Against Ransomware
-
15Develop a User Management Strategy
-
16Exploit Disruptive Security Trends in 2016
-
17Improve Information Security Practices in the Small Enterprise
-
18Manage Security Mitigation Effectiveness
-
19
Manage the Budget to Optimize Security Spending
-
20
Develop and Optimize Threat Intelligence on a Budget
-
21
Manage Security Outsourcing
Search Code: 76122
Published: October 9, 2014
Last Revised: May 21, 2015
