Security Risk Advisors

Incident Response Process Development

Building on our incident response and managed security services experience, Security Risk Advisors has significant knowledge of incident response process best practices. We can help develop a customized incident response process that accounts for company culture, existing emergency or incident processes, and workflow automation tools.

Our approach includes:

  1. Leading interviews and reviewing existing documentation (including a sample of past incidents) to understand the current incident response workflow (IRW), including monitoring and response tools and communication paths and how they might be used and improved
  2. Recommending and drafting updates to (or creating from scratch) the Incident Response Plan
  3. Designing incident response personnel responsibilities, including tie-ins to internal and external communications and law enforcement
  4. Analysing and recommending improvements to how threat alerts are managed in SIEM/outsourced monitoring and coordinated across platforms. This can be designed within the SIEM or in a separate IRW tool like Resilient or CyberSponse.
  5. Recommending updates to process documentation, analysis, communication and resolution steps for insider and outsider incidents, based on industry good practices (NIST, SANS) and a standard ‘kill chain’ model 
  6. Designing metrics relating to incident response workflow
  7. Conducting table-top exercises to simulate use of the updated process and templates. We incorporate lessons learned and update templates based on the table-top exercise.