INCIDENT RESPONSE PROGRAM

Success depends upon previous preparation, and without such preparation there is sure to be failure. – Confucius

The FPOV Incident Response Program is designed to help organizations respond to any type of digital and cyber event as quickly and as effectively as possible. During an incident or digital event, you have little time to lose. Our program is designed to help your team respond properly and cohesively at a very critical time. History has shown that when a digital event occurs, organizations struggle to deal with its complexity. Digital events can often “come out of nowhere,” and evaluations must be made instantly. This often leaves the team making critical decisions chaotically, and uncoordinated efforts to resolve the event can end up working against each other. In short, confusion is increased at a time when clarity is paramount. The only way to handle this type of incident effectively is to proactively create a detailed program so that everyone in the organization understands their role in responding properly.

WHAT IS A DIGITAL EVENT?

We use the terminology “digital event” because the term “cyber” tends to narrow the focus of an attack to a data breach. There are many other types of crime that can be committed through a digital gateway which endanger data and digitally based intellectual property.

Digital events can progress quickly, and damage can be done in a matter of minutes. For this reason, when it is clear that a digital event has occurred, you must have a tactical response ready to go.

We have identified 25 different types of digital events. Below we’ve listed just a few high-level types of these events.

External Data Breach: Data theft or vandalism caused by an external bad actor or an extortion request through ransomware

Internal Data Breach: Data theft, vandalism, or destruction by an internal source such as a contractor or employee

Remote Work Emergency: An incident (such as a weather disaster or pandemic) suddenly forces employees to work remotely

Stolen Device: A device (such as a laptop, phone, tablet, server, or storage drive), either encrypted or unencrypted, that contains sensitive information or critical intellectual property is stolen

Third Party Vendor Liability / Exploit: Security violations or damage to the organization caused by vendor weaknesses that are exploited by bad actors

HOW OUR INCIDENT RESPONSE PROGRAM HELPS

A well-designed incident response program, with training and tabletop exercises, provides solutions to the following problems:

  • Wasted Time: When events happen, time is of the essence. A digital criminal can move sideways in a network quickly and huge volumes of data can be moved in an instant.
  • Missteps in Reaction: To defend the organization in the very best way you can, it is important to have a guide so that team members do not make their own decisions and react in ways that cannot be undone if they later prove to be unwise.
  • Regulatory Violations: There is a growing body of regulatory control over digital assets. In many cases, there are heavy fines for organizations that did not protect themselves properly or that responded in the wrong ways.
  • Departmental Infighting or Confusion: In some cases, the response responsibilities are not clear cut. This can cause departments to stumble over each other at the very time responses need to be fluid and frictionless.

OUR PROCESS

In an incident response engagement, we follow a seven-step process that includes interviews with key team members, the development of the playbooks, and tabletop exercises to help your team members understand and execute the program.
