Cyber incident response plans (CIRP)

What is a cyber incident response plan? 

A cyber incident response plan (CIRP) is an in-depth document that a company creates to set out, in advance, what it will do in a major cyber incident. Such incidents could include large or sensitive data breaches, data loss, outages and ransomware attacks. 

 

Preparation 

Preparation is arguably the most important phase of a cyber incident response plan. The main premise of this step is to ensure that a CIRP is in place well before an attack happens and that relevant staff are briefed on what to do. The incident response team should be listed along with their contact information so that they can be notified when a cyber incident occurs. 

 

Detection and analysis 

This phase focuses on detecting and analysing cyber incidents once they occur. Security policies, monitoring and controls should be set up, and staff should be trained to recognise a cyber incident as it happens. Incidents can be detected from precursors (events that happen before the incident, such as brute-force login attempts from an attacker) or from indicators (events that happen during or after the incident, such as ransomware notices). Once an incident is detected, it should be prioritised, and affected parties need to be notified in compliance with GDPR. 
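As an added illustration of the precursor/indicator distinction and of prioritisation (example code, not part of the original post), the script below runs simple detection logic over a handful of constructed log lines: repeated failed logins from one address are reported as a precursor, a ransom note appearing on a file share as an indicator, and the findings are ordered so the higher-priority item is handled first. The log formats, the threshold of five failures and the file-name keywords are assumptions chosen for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines for this example (not from a real system).
# The first six lines are a precursor (repeated failed SSH logins from one
# address); the seventh is an indicator (a ransom note dropped on a share).
SAMPLE_LOGS = [
    "2024-03-01T09:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51122",
    "2024-03-01T09:00:03 sshd[1201]: Failed password for admin from 203.0.113.7 port 51124",
    "2024-03-01T09:00:05 sshd[1201]: Failed password for root from 203.0.113.7 port 51126",
    "2024-03-01T09:00:07 sshd[1201]: Failed password for root from 203.0.113.7 port 51128",
    "2024-03-01T09:00:09 sshd[1201]: Failed password for backup from 203.0.113.7 port 51130",
    "2024-03-01T09:00:11 sshd[1201]: Failed password for backup from 203.0.113.7 port 51132",
    "2024-03-01T09:05:12 fs-audit: file created /srv/share/README_RECOVER_FILES.txt by svc_backup",
    "2024-03-01T09:06:00 sshd[1205]: Accepted password for alice from 198.51.100.4 port 40001",
]

FAILED_LOGIN = re.compile(r"Failed password for \S+ from (\d+\.\d+\.\d+\.\d+)")
FILE_CREATED = re.compile(r"file created (\S+)")
RANSOM_NOTE_WORDS = ("RECOVER", "DECRYPT", "RANSOM")  # assumed ransom-note name fragments
PRIORITY_RANK = {"high": 0, "medium": 1}

@dataclass
class Finding:
    category: str   # "precursor" (before the incident) or "indicator" (during/after)
    priority: str   # decides who is paged first and how urgently to assess notification
    detail: str

def classify(lines, brute_force_threshold=5):
    """Turn raw log lines into prioritised findings, highest priority first."""
    failures = Counter()
    findings = []
    for line in lines:
        if m := FAILED_LOGIN.search(line):
            failures[m.group(1)] += 1      # count failed logins per source address
        elif (m := FILE_CREATED.search(line)) and any(
            w in m.group(1).upper() for w in RANSOM_NOTE_WORDS
        ):
            findings.append(Finding("indicator", "high", f"ransom note dropped: {m.group(1)}"))
    for ip, count in failures.items():
        if count >= brute_force_threshold:
            findings.append(Finding("precursor", "medium", f"{count} failed logins from {ip}"))
    return sorted(findings, key=lambda f: PRIORITY_RANK[f.priority])

if __name__ == "__main__":
    for f in classify(SAMPLE_LOGS):
        print(f"[{f.priority.upper()}] {f.category}: {f.detail}")
```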

 

Containment and eradication 

Whilst devising a containment strategy, the company needs to be aware of how the strategy will affect day-to-day operations. Events such as operational downtime, potential damage to resources and the need for evidence preservation should be considered. Gathering and documenting evidence should also be done at this stage to preserve a record of the attack and to help identify the attacking host. Eradication strategies will depend on the type of attack, for example removing malware, disabling accounts or patching vulnerabilities in the affected systems. An effective eradication strategy works quickly and closes the entry point used for the attack. 

 

Recovery 

After the incident has been dealt with, the incident response team should hold a meeting to review the cyber incident response plan and make improvements and changes where necessary. The damage and severity of the incident should also be reviewed, especially in cases where the attack was successful. 

 

Cyber incident drills 

To test the cyber incident response plan, drills should be held in which a cyber incident is simulated and the plan is followed as it would be in a real incident. This helps to train staff on what to do in a cyber incident and tests the robustness and effectiveness of the cyber incident response plan. 
