INCIDENT RESPONSE TESTING
A comprehensive incident testing programme can expose gaps in even the most seemingly robust of plans and provides valuable insight into whether the incident response plan actually delivers its stated aims back to your organisation.True cyber resilience can only be achieved through ongoing testing of your capability to detect and respond to security incidents.
Even organisations with incident response plans in place are finding that the time to resolve incidents is increasing. This is largely due to organisations not testing their incident response plans, then finding that they can’t adequately address all the aspects of a genuine security incident.
Why Do I Need My Incident Response Plan Testing?
Your plan will be tested, sooner or later, during a real breach. Many organisations only discover the flaws in their incident response plans when they are trying to deal with an incident. If your incident response plan fails, there is a real risk of systemic failure in the investigation resulting in a chaotic response.
Nettitude’s Computer Incident Response Team (NCIRT) have witnessed, first hand, how a poorly configured Incident Response plan can actually exacerbate the impact of a breach. With the right response, you can mitigate the reputational and operational costs of a breach. A poorly executed response will only add to your reputational and operational costs.
What Do Nettitude Deliver?
Nettitude’s incident response consultants will review your incident response procedures in order to design and conduct plausible simulated exercises and evaluate your team’s performance. A post-event debrief session is held where Nettitude will provide detailed feedback and recommendations for improvement across a range of domains:
- Determining what the threat is to your organisation.
- Review of your current technology stack.
- Assessment of your existing incident response policy and plan.
- Assessing your risk profile.
- Considering threat intelligence providers (e.g. the government, collaborative groups, competitors, CIRTs and vendors).
- Evaluating situational awareness and applicability to your organisation.
- Simulating a real attack as closely as possible.
- Recommendations for improving your incident readiness.
Desktop exercises are designed to assess your response to both commodity and advanced or targeted threat scenarios. Advanced threats will often have different indicators, tactics and containment requirements than typical incident response methodologies. Nettitude’s real-world experience in responding to these more sophisticated attacks allows us to present scenarios that reflect the actual techniques used by advanced threat actors.