Develop and Implement a Security Incident Management Program

Create a scalable incident response program without breaking the bank.

Contributors

  • Dave Millier, CEO, Uzado Inc.
  • Mahmood Sher-Jan, EVP & General Manager, RADAR Product Unit
  • Matt Anthony, VP, Security Remediation Services, The Herjavec Group
  • Jason Bareiszis, CSIRT Manager & Principal Security Architect, Tetra Tech
  • Malcolm Brown, Industry Analyst Relations, Trend Micro
  • Mark Bernard, CISO, Government, Financial Services, Manufacturing, Pharma, Legal
  • Wayne Chung, Senior Consultant, Information Assurance, Eosensa
  • Ali Shahidi, Chief Cyber Security & Computer Forensics, InfoTransec Inc.
  • Ian Parker, Head of Corporate System Information Security, Risk, and Compliance, Fujitsu Services
  • Joey LaCour, CISO, Colonial Savings, F.A.
  • Ron Kirkland, Manager ICT Security, Crawford and Company
  • Vincent di Giambattista, Director IT Security and Compliance, Alliance Healthcare Ltd.
  • Five anonymous contributors

Your Challenge

  • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
  • Outcomes of incident response tactics are not formally tracked or communicated, so the organization lacks a comprehensive understanding of incident trends and patterns and can be re-victimized by the same vector.
  • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

Our Advice

Critical Insight

  • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
  • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
  • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

Impact and Result

  • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
  • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

3. Maintain and optimize

Manage and improve the incident management process by tracking metrics, testing capabilities, and leveraging best practices.

Guided Implementations

This guided implementation is a six-call advisory process.

Guided Implementation #1 - Prepare

Call #1 - Understand the incident response process, and define your security obligations, scope, and boundaries.
Call #2 - Formalize the incident management charter, RACI, and incident management policy.

Guided Implementation #2 - Operate

Call #1 - Use the framework to develop a general incident management plan.
Call #2 - Prioritize and develop top-priority runbooks.

Guided Implementation #3 - Maintain and optimize

Call #1 - Develop and facilitate tabletop exercises.
Call #2 - Create an incident management metrics program, and assess the success of the incident management program.

Onsite Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Prepare Your Incident Response Program

The Purpose

  • Understand the purpose of incident response.
  • Formalize the program.
  • Identify key players and escalation points.

Key Benefits Achieved

  • Common understanding of the importance of incident response.
  • Various business units becoming aware of their roles in the incident management program.
  • Formalized documentation.

| # | Activities | Outputs |
|---|---|---|
| 1.1 | Assess the current process, obligations, scope, and boundaries of the incident management program. | Understanding of the incident landscape |
| 1.2 | Identify key players for the response team and for escalation points. | An identified incident response team |
| 1.3 | Formalize documentation. | A security incident management charter; a security incident management policy |
| 1.4 | Prioritize incidents requiring preparation. | A list of top-priority incidents; a general security incident management plan; a security incident response RACI chart |

Module 2: Develop Incident-Specific Runbooks

The Purpose

  • Document the clear response procedures for top-priority incidents.

Key Benefits Achieved

  • As incidents occur, clear response procedures are documented for efficient and effective recovery.

| # | Activities | Outputs |
|---|---|---|
| 2.1 | For each top-priority incident, document the workflow from detection through analysis, containment, eradication, recovery, and post-incident analysis. | Up to five incident-specific runbooks |

Module 3: Maintain and Optimize the Program

The Purpose

  • Ensure the response procedures are realistic and effective.
  • Identify key metrics to measure the success of the program.

Key Benefits Achieved

  • Real-time run-through of security incidents to ensure roles and responsibilities are known.
  • Understanding of how to measure the success of the program.

| # | Activities | Outputs |
|---|---|---|
| 3.1 | Limited scope tabletop exercise. | Completed tabletop exercise |
| 3.2 | Discuss key metrics. | Key success metrics identified |

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

| Client | Experience | Impact | $ Saved | Days Saved |
|---|---|---|---|---|
| Aipso | Guided Implementation | 9/10 | N/A | 5 |
| Government Employees Medical Scheme | Guided Implementation | 9/10 | N/A | 20 |
| Truckee Meadows Water Authority | Workshop | 7/10 | N/A | 10 |
| South Carolina State Ports Authority | Workshop | 9/10 | N/A | N/A |
| City of College Station, TX | Guided Implementation | 10/10 | $13,236 | 2 |
| Farm Credit Southeast Missouri | Guided Implementation | 10/10 | $5,294 | 5 |
| City of College Station, TX | Guided Implementation | 10/10 | $2,647 | 5 |
| Olmsted Medical Center | Guided Implementation | 10/10 | N/A | N/A |
| City Of Kawartha Lakes | Workshop | 9/10 | $25,000 | 60 |
| Lane Council of Governments | Guided Implementation | 10/10 | N/A | N/A |
| State Department Federal Credit Union | Guided Implementation | 10/10 | $5,294 | 3 |
| Women's College Hospital | Guided Implementation | 9/10 | $1,800 | 5 |
| City of College Station, TX | Guided Implementation | 10/10 | $3,970 | 41 |
| Olmsted Medical Center | Guided Implementation | 10/10 | N/A | N/A |
| Lane Council of Governments | Guided Implementation | 10/10 | $66,183 | 120 |
| Altarum Institute | Guided Implementation | 10/10 | $23,164 | 6 |
| Farm Credit Southeast Missouri | Guided Implementation | 10/10 | $9,265 | 7 |
| City Of Durango | Workshop | 10/10 | $33,091 | 20 |
| Sleep Country Canada | Guided Implementation | 10/10 | N/A | N/A |
| Larimer County, Colorado | Guided Implementation | 9/10 | N/A | N/A |
| City of Moreno Valley | Guided Implementation | 10/10 | $13,236 | 10 |
| Spark Therapeutics, Inc. | Workshop | 9/10 | $33,091 | 50 |
| Arizona Department of Corrections | Guided Implementation | 10/10 | $132K | 35 |
| Palmer College of Chiropractic | Guided Implementation | 10/10 | $3,970 | 70 |
| Office of the State Treasurer | Guided Implementation | 10/10 | N/A | N/A |
| Pharmascience | Guided Implementation | 8/10 | N/A | N/A |
| City Of Regina, The | Guided Implementation | 7/10 | N/A | N/A |
| Federal Signal-Corporation | Guided Implementation | 10/10 | $7,941 | 50 |
| Wilfrid Laurier University | Guided Implementation | 7/10 | $1,200 | 4 |
| St. Lawrence County | Guided Implementation | 9/10 | N/A | 2 |

Search Code: 76122
Published: October 9, 2014
Last Revised: September 9, 2019