The realistic approach to security is that incidents occur. Ideally, the CISO would want to prevent all of them, but in practice some will succeed to a certain degree, which makes the ability to efficiently manage an incident response process a mandatory skill for any CISO.

Moreover, apart from managing the actual response process, the CISO must also be able to efficiently communicate the ongoing activities and status to the executive level. While the IR process is mostly technical, reporting to the organization's management should take place at a much higher level so that non-security-savvy executives can understand it.

To assist CISOs with these tasks, Cynet created the IR Management and Reporting PowerPoint template (download here), which, apart from providing an actionable response framework, is also clear and intuitive for the executive level.

Let's drill down on the two aspects of the template:

IR Management

The template was built on the SANS/NIST framework, which includes the following stages:

Identification

This stage includes all activities that relate to the initial discovery of malicious presence and activity. It covers a wide range of potential scenarios: discovery carried out by the internal security team or by an external entity, whether in the context of the standard security protocols or by mere coincidence. This stage also includes an initial risk estimation for onward steps.

Containment

Following the initial identification, there is a critical…
