- Incident response documentation is required by every major framework, directly tested in tabletop exercises, and frequently scrutinized by regulators after any reportable incident.
- Two focused products: IIRP (Integrated Incident Response Program) and COOP (Continuity of Operations Plan).
- The IIRP covers incident detection, analysis, containment, eradication, and recovery, aligned with NIST SP 800-61.
- The COOP covers business continuity and disaster recovery, including recovery time / recovery point objectives and crisis management.
- Together, the two products address the two adjacent disciplines: what to do when something breaks (IIRP) and how to keep the business operating through it (COOP).
Incident Response & Business Continuity
Incident response and business continuity are adjacent disciplines that frequently get conflated but serve distinct purposes. Incident response addresses the immediate handling of a security event. Business continuity addresses keeping the business operating through the event and its aftermath.
When you "peel back the onion" and prepare for an audit, you need to address "the how" for certain topics, such as incident response. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created several program-level documents to address this need, and the Integrated Incident Response Program (IIRP) is one of those products.
DFARS and EU GDPR both have requirements to rapidly respond to and report incidents within 72 hours of discovery. Without a well-designed and efficient incident response program, your organization may very well miss reporting deadlines, which can lead to fines, lost contracts and other legal issues.

Available Incident Response Products
Two focused products covering incident response and business continuity. Purchase individually or combine for end-to-end coverage.


Comprehensive Coverage
Give us a call or send us an email - we are happy to help you find the right solution for your needs!
There are many cybersecurity frameworks to choose from. If you are not sure what works best for you, you can read more here. The most common frameworks are NIST SP 800-53, ISO 27002, the NIST Cybersecurity Framework and the Secure Controls Framework (SCF). Doing NIST CSF, ISO 27002 or NIST SP 800-53 properly takes more than just a set of policies and standards. While those are foundational to building a cybersecurity program aligned with that framework, there is a need for program-specific guidance that helps operationalize those policies and standards (e.g., risk management program, third-party management, vulnerability management, etc.). It is important to understand what is required to comply with NIST CSF vs ISO 27002 vs NIST SP 800-53, since there are significantly different levels of expectation.
It is important to understand that picking a cybersecurity framework is more of a business decision and less of a technical decision. Realistically, the process of selecting a cybersecurity framework must be driven by a fundamental understanding of what your organization needs to comply with from a statutory, regulatory and contractual perspective, since that understanding establishes the minimum set of requirements necessary to:
- Not be considered negligent with reasonable expectations for cybersecurity & data protection;
- Comply with applicable laws, regulations and contractual obligations; and
- Implement the proper controls to secure your systems, applications and processes from reasonable threats, based on your specific business case and industry practices.
This understanding makes it easy to determine where on the "framework spectrum" (shown above) you need to focus for selecting a set of cybersecurity principles to follow. This process generally leads to selecting the NIST Cybersecurity Framework, ISO 27002, NIST SP 800-53 or SCF as a starting point.
