Cyber Incident Response (CIR) Management
The threat of becoming a victim of a data breach is an imminent reality for all companies. How an organisation responds to a cyber incident – its cyber resilience – can often spell the difference between failure and success.
Companies that demonstrate adherence to local and international security standards, exhibit transparency and respond quickly and proactively to cyber incidents can minimise the adverse effects of a breach and are less likely to be fined by regulators, if they are fined at all. For this reason, incident response management is often a requirement of information security compliance standards and regulations.
The NIS Directive
The Directive on the Security of Network and Information Systems (NIS Directive) is a pan-European framework that requires, among other measures, an incident response plan from operators of essential services (OES) in critical national infrastructure (energy, water, healthcare, transport and digital infrastructure) and from digital service providers (DSPs). Despite Brexit, the UK government has approved the implementation of the NIS Directive.
Under Article 32 of the EU’s General Data Protection Regulation (GDPR), organisations need to be able to restore the availability of and access to personal data in the event of a physical or technical incident. The Article also calls for regular testing and evaluation of the effectiveness of technical measures.
And other frameworks…
Incident response planning is mandated as part of all major cyber security regimes either directly or indirectly. The international information security standard ISO 27001 (ISMS) and business continuity standard ISO 22301 (BCMS) require organisations to develop CIR management capability. The Payment Card Industry Data Security Standard (PCI DSS) also requires annual testing of organisations’ incident response plans. Similarly, UK government departments have a responsibility to report cyber incidents under the terms laid out in the security policy framework issued by the Cabinet Office, effectively mandating a CIR for such organisations as well.
CIR Management Service
The Cyber Incident Response Management service from IT Governance will analyse your security controls and identify vulnerability gaps that could increase your risk exposure. The consultancy team will develop an action plan that enables staff to recognise potential risks, and will train personnel to respond to any incident in a timely and expeditious manner.
The benefits of a CIR management action plan from IT Governance
- Reduces overall organisational and cyber risk
- Improves cyber resilience
- Lowers cyber insurance premiums
- Provides assurance to prospective clients, investors or the board of directors
- Minimises disruption to the business
- Delivers expert advice from a leading CREST-certified consultancy
- Is tailored to your organisational needs and business requirements
- Reduces the impact of, and response times to, incidents
- Can be combined with additional services such as penetration testing
How IT Governance can help you
As a CREST-certified organisation, we use CREST’s cyber incident response approach and draw on the ISO 27001 and ISO 27035 (security incident management) standards to help you define and implement an effective incident response plan covering preparation, response and follow-up, structured as a seven-step process cycle.
More importantly, a CIR management plan puts in place a process that allows you to determine, and report on, the specifics of a cyber incident. A GDPR incident report should include the contact details of your data protection officer (DPO) together with:
- Detailed timeline of an incident
- Narrative describing the incident
- How the incident was discovered
- Company policies and procedures put into effect concerning incidents and breaches
- Corrective actions taken
- Complaints received
- Details of mitigation efforts
It is this information that governing and regulatory bodies will look for in cyber incident reports made under the GDPR. The completeness and level of detail of the report can save an organisation a substantial amount of money and reputational damage in the event of a breach.
Because an incident response plan is a standalone process (it does not depend on the prior deployment of other processes), it can be evaluated and implemented at any stage of a cyber security compliance project. It is nevertheless wise to implement it early in the project, since other standards, such as business continuity, depend on it.
Find out more
For more information on how IT Governance can help with your CIR management, please contact us using the methods below.