This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

Cyber Incident Response (CIR) Management

Cyber attacks continue to make headlines. As cyber attackers gain ground against organisations, institutions and individuals, the threat of becoming a victim of a data breach is now an imminent reality for all companies. The damage, both short term and long term, can be very substantial and, for some organisations, even existential.

The cyber threat landscape is constantly changing and new threats are emerging on a daily basis. Today, threats come not only from outside the organisation but also from within. Threats can range from advanced persistent threats (APTs) and amateur hackers penetrating organisations just for fun, to disgruntled employees and full-blown cyber armies. Organisations have to defend against every kind of attack, whereas an attacker just needs to find one flaw to penetrate an organisation’s network and exploit the vulnerability.


How a cyber attack is carried out

CREST, the not-for-profit accreditation body representing the technical information security industry, describes the three basic phases of a cyber attack and the recommended countermeasures.

1. Reconnaissance


  • Identify target
  • Look for vulnerabilities
  • Monitoring and logging
  • Situational awareness
  • Collaboration

2. Attack Target


  • Exploit vulnerabilities
  • Defeat remaining controls

3. Achieve Objectives


  • Disrupt systems
  • Extract data
  • Manipulate information
  • Cyber Incident Response (CIR) planning
  • Business continuity & disaster recovery
  • Cyber security insurance


A legal requirement

The speed at which you identify a breach, combat the spread of malware, prevent access to data and remediate the threat will make a significant difference in controlling risk, costs and exposure during an incident. Practical incident response processes can detect incidents at an early stage and reduce the risk of future incidents occurring.

Under the EU’s General Data Protection Regulation (GDPR), organisations will need to implement an effective incident response plan to contain any damage in the event of a data breach, and to prevent future incidents from occurring. Organisations with EU data subjects should start taking measures now in order to meet the stringent requirements of the Regulation by the deadline of May 2018.

Incident response planning is mandated as part of all major cyber security regimes. The international information security standard ISO 27001 and business continuity standard ISO 22301 require organisations to develop CIR management plans. CIR is also a requirement of the Payment Card Industry Data Security Standard (PCI DSS), which requires that CIR management should be tested at least annually. Similarly, UK government departments have a responsibility to report cyber incidents under the terms laid out in the security policy framework (SPF) issued by the Cabinet Office, effectively mandating a CIR for such organisations as well.


CIR – for whom is it?

The CIR Management service is designed primarily for small to medium-sized enterprises that require compliance with the industry standards ISO 27001 (information security management system (ISMS)) and ISO 22301 (business continuity management system (BCMS)), or regulatory requirements such as the EU General Data Protection Regulation (GDPR) or the Payment Card Industry Data Security Standard (PCI DSS).

You can find a free suite of this service’s brochures, including a service description, sample report and service consultancy pricing, on the Cyber Incident Response Management produt page.

Find out more


Top ten challenges

Organisations can have significant difficulty in responding to cyber security incidents, particularly sophisticated cyber attacks.

The top ten challenges organisations face in responding to a cyber security incident in a fast, effective and consistent manner are:

  1. Identifying a suspected cyber security incident;
  2. Establishing the objectives of an investigation and a clean-up operation;
  3. Analysing all available information related to the potential cyber security incident;
  4. Determining what has actually happened;
  5. Identifying what systems, networks and information (assets) have been compromised;
  6. Determining what information has been disclosed to unauthorised parties, stolen, deleted or corrupted;
  7. Finding out who did it and why;
  8. Working out how it happened;
  9. Determining the potential business impact of the cyber security incident; and
  10. Conducting a sufficient investigation using forensics to identify those responsible.

Absence of appropriate skills and inadequate cyber-readiness can significantly increase the duration and cost of a cyber incident. Few organisations really understand their ‘state of readiness’ to respond to a cyber security incident, particularly a serious cyber attack, and are typically not well prepared in terms of people, processes and technology.

Organisations of all types are struggling to deal with cyber security incidents effectively, with cyber security incidents now taking place on a regular basis and having a significant impact on business.

“Most companies are still not adequately prepared for – or even understand the risks faced: Only 37% of organisations have a cyber incident response plan.”

PwC Global Economic Crime Survey 2016


How we can help you

IT Governance is a world leader in the field of international management standards, IT governance, cyber security, CIR management, risk management and compliance.

Using CREST’s cyber incident response approach and drawing from the ISO 27001 and ISO 27035 standards, IT Governance can assist you in defining and implementing an effective prepare, respond and follow-up incident response approach, as defined below.



IT Governance will provide all the support you need

Get started with your incident response planning strategy today with support from IT Governance.

Get access to an experienced, dedicated technical group of people that can carry out sophisticated cyber security incident investigations quickly and effectively.

Identify, detect and contain incidents faster, mitigate the impact of an incident and restore services in a trusted manner.

Prepare now for an effective CIR plan and minimise the impact of a breach when it does happen by contacting us: