Why Everyone Should Have a CSIRP

Sep 24, 2015 | Security

The number, speed and sophistication of cybersecurity breaches continue to increase as weaknesses in the IT infrastructures of small to medium-sized businesses (SMBs) are targeted. Clients, suppliers, and partners want to know how prepared organizations are to tackle and mitigate these potential risks, not just at the technology level but, more so, at the business level.

There are many different types of threats: financial criminals, commercial competitors, political action groups, and even former employees. The instigators of these attacks have evolved from teenaged hackers operating from their basements to commercialized businesses with high-rise offices, cubicles, 9-to-5 hours and benefit plans. One does not have to be technologically savvy to perpetrate an attack. Today you can simply visit a website and download the hacking software, or more commonly, contract an organization to attack your target for you. A large-scale Distributed Denial of Service attack can be purchased for under $25 – $50. In recent years:

Many companies or organizations employ basic cybersecurity technologies to mitigate risks. Larger companies tend to employ much more sophisticated, layered technologies that provide an integrated security approach. Most SMBs either have limited IT capabilities or outsource their IT management to implement security technologies. If an SMB is targeted by a competent attacker, these basic security technologies can be bypassed, and in exceptional cases the result can be a business failing.

The financial costs of intrusions continue to rise as cyber attacks become more sophisticated. Given the ever-increasing threat of attack, it is only prudent that SMBs mitigate risks to minimize financial impact.

What is a CSIRP?

A CSIRP is a master document to help an organization plan for the contingency of a security breach. In essence, the document formalizes the Incident Response function within the organization.

A CSIRP will detail roles, responsibilities, stakeholders, and response policies and procedures. A good plan will also provide actions to take during certain types of incidents, including incidents involving advanced or targeted threats. Key to implementing the plan is testing it through various exercises and real-world testing scenarios. The only way to effectively tune the capabilities of the CSIRP and the IR team overall is to conduct periodic testing of your capabilities and planning.

The Circumference CSIRP Workshop

The Circumference-Track Asset Cyber-Security Incident Response Plan (CSIRP) workshop is a two-day, on-site session with the following objectives:

• Evaluating your company’s critical cyber assets and their impacts on your critical business processes and functions

• Selecting one of these cyber sectors to assess for this CSIRP exercise

• Showing you the methodology to create a CSIRP

• Producing a CSIRP that is relevant to your organization and that is maintainable by you

The CSIRP identifies the appropriate controls and roles required to ensure that the business runs uninterrupted and continues to meet its mission-critical requirements in the event of an incident.

The first day of the workshop will support the participants in understanding the critical processes and functions of the company in its environment.

The second day will work through various scenarios to establish the incident management capabilities across the organization.

The outcome of this workshop is an executive plan that includes a contingency sequence of assignments and activities.
