Incident Response Process Development
Building on our incident response and managed security services experience, Security Risk Advisors has significant knowledge of incident response process best practices. We can help develop a customized incident response process that accounts for company culture, existing emergency or incident processes, and workflow automation tools.
Our approach includes:
- Leading interviews and reviewing existing documentation (including a sample of past incidents) to understand the current incident response workflow (IRW), including monitoring and response tools, communication paths, and how they might be used and improved
- Recommending and drafting updates to (or creating from scratch) the Incident Response Plan
- Designing incident response personnel responsibilities, including tie-ins to internal and external communications and law enforcement
- Analysing and recommending improvements to how threat alerts are managed in SIEM/outsourced monitoring and coordinated across platforms. This can be designed within the SIEM or in a separate IRW tool like Resilient or Cybersponse.
- Recommending updates to process documentation, analysis, communication and resolution steps for insider and outsider incidents, based on industry good practices (NIST, SANS) and a standard ‘kill chain’ model
- Designing metrics relating to incident response workflow
- Conducting table-top exercises to simulate use of the updated process and templates. We incorporate lessons learned and update templates based on the table-top exercise