Incident Response Management

It’s generally a matter of when, not if, undesirable events take place. Time becomes critical and an effective strategy can minimise the negative impact.

An incident response plan will provide invaluable structure to your team’s reaction to these occurrences – something all organisations should have under their belt.

What I can do for you

As an information security consultant, I can provide help in two main areas related to incident management:

  • development of an incident response plan;
  • guidance during an incident.

Additionally, an incident response plan, like all security documentation, is never meant to be static, but rather reviewed, updated and tested on a periodic basis. These activities can also benefit from the expertise that a third-party consultant brings.

It’s important to understand that, like many other aspects of cybersecurity that are integrated into business processes, this endeavour should involve different levels of an organisation’s hierarchy. In particular, this is a joint effort between the following teams:

  • senior management, including executives;
  • legal;
  • public relations;
  • human resources;
  • technical operations.

Whether responding to an active incident or preparing for one, I would be liaising and bridging communication between all these stakeholders, with the ultimate goal of ensuring that business operations can be restored effectively.

How to plan

While it would be laborious, possibly unfeasible, to have detailed procedures for all possible types of incidents, known or unknown, your incident response plan should provide a combination of generic and targeted instructions for handling the undesired. To that aim, risk assessments and threat intelligence can supply insight into specific areas to focus on.

NIST describes four steps to incident response (other organisations will use a different number of steps, but the overall picture is the same):

  • Preparation – this involves building the plan, thus ensuring that the remaining steps can be executed;
  • Detection & Analysis – it is, after all, difficult to proceed if you don’t know when, how and what is affected;
  • Containment, Eradication & Recovery – where procedures can minimise the business impact felt;
  • Post-Incident Activity – which includes gathering data and perfecting the process.

With each organisation having a different structure, business concerns, compliance requirements and information systems, a bespoke plan is the only solution. Frameworks and best practices will help with standardisation, as well as ensuring common ground in case of subsequent audits by regulatory bodies. The purpose of an information security consultant is to help you navigate through this and come out stronger. You can always reach out to me and discuss your requirements.

Advice when the chips are down

If you’re experiencing an incident, whether it’s a data breach or an availability problem, it’s important to get in touch as soon as possible. I can provide advice on the processes, help coordinate a response or even implement technical containment and recovery measures in areas I have expertise in, such as:

  • data networks (including in response to DDoS attacks);
  • cloud systems;
  • Linux servers, including many well-known applications.

For a more comprehensive list of technologies I have worked with, you can check out the About me page.