–From existing Computer Security Incident Response Plan (CSIRP)–
Computer Security Incident Response Plans (CSIRP)
A CSIRP allows an organization to reliably respond to security incidents at both a strategic and tactical level
On the strategic level, Kivu can assist in capability development, program development, policy integration and governance issues. On the tactical level, Kivu can assist the client in forming teams, conducting detailed training, and helping formalize detection and response procedures.
A CSIRP from Kivu typically includes agreed definitions for incidents; escalation procedures; incident checklists; and an organizational structure for dealing with all types of likely (and less foreseen) incidents. Kivu does not have a “one plan meets all needs” approach to a CSIRP – Kivu tailors the CSIRP to fit the organization’s needs and work efficiently within its environment.
This Planning Service may also include (at client’s request) help establishing the correct governance frameworks which, in turn, define the relationship of the CSIRP and the response capability to a variety of internal stakeholders. This can include formal committee charters, detailed procedures, metrics, and report frameworks.
–From existing Incident Response Testing & Capability Analysis–
Test Your Plan
Regularly testing an IR plan is critical in determining how effectively the client will react and respond to a declared security incident. Kivu can facilitate the creation and assessment of IR testing procedures. Testing will be in the form of a walk-through tabletop exercise and will provide analysis and results for integration into future exercises.
The following is a list of activities to be performed during IR Testing and Capability Analysis:
Creation of IR Testing Procedure
- Review current IR procedures
- Create procedures for executing a simulated event
- Integrate best practices into exercise models for client
Provide assistance during IR Testing
- Facilitate and guide client in tabletop exercise
- Review client’s handling of incident
- Determine areas for improvement
- Conduct review of actions from exercise
Provide feedback from exercise to integrate into IR plan
Kivu can determine how often a particular organization’s IR plan should be tested to ensure that the client stays familiar with IR procedures and to assess if there is a need for IR plan modification.