
Incident Management: From Tactical to Strategic

By John Rogers 

Moving from Tactical Computer Incident Response to Strategic Organizational Intelligence

Institutional Incident Response

The response to a security incident, or the lack thereof, belongs to the organization. The whole organization. Placing the responsibility for incident response (IR) solely in the IT Department creates a short-sighted and siloed culture which will not shield the organization from the repercussions of the incident. In fact, the skills required to navigate a cybersecurity incident may range far from those of most IT professionals: corporate messaging, legal, human resources, and ultimately, executive leadership will all need to participate.

It’s also worth noting that focusing on response alone will leave your management of an incident short of effective. The most important part of incident management is planning and preparation. Response without adequate, cross-departmental preparation will almost certainly lead to a chaotic scene. Responses should instead encourage involvement from as many departments as are impacted. While technical tactics may be required to detect, contain, and eradicate a malware infection, or halt an active attacker, the organization must author the strategy of its responses. Execution should be holistic, integrated, follow a replicable plan, and include “runbook” style procedures published for common incident types.

Scenarios That Beg the Question(s)

There are many incidents which can disrupt the operations of an organization far beyond technical impacts. Social engineering within an unaware organization can exploit the trust of its users and lead to financial loss. Insider threats perniciously multiply from one disgruntled seed, causing the loss of proprietary company data. A simple, non-malicious human error can disclose sensitive data to unintended parties.

These incidents pose reputational and operational risk to an unprepared organization and rarely include a technical recovery requirement.

Why, then, do tactics and procedures drive Incident Response planning when the stakes might be beyond them? Keeping IT at the center of IR can create a myopic response that neglects big-picture reputational stakes and omits key institutional players.

Instead, organizations should also consider:

  • Does the organization practice phishing, network and customer pretexting, and on-site social engineering attack detection and response?
  • Does the IR Team include cross-departmental staff and leadership?
  • Does the IR Plan include runbooks for common incident types, e.g., theft or loss of equipment, malware infection/ransomware attack, active cyber-attack, Denial of Service, etc.?
  • What is the process at your organization for obtaining, analyzing, sharing, and acting upon applicable threat intelligence?
  • Who manages your threat intelligence feeds and library?
  • Should the threat of malware have any impact on user browsing activity?
  • What are your social media controls? Do you review user posts prior to publishing? Are you alerted when there is a post? Can you tell how many shares and views?
  • What are your procedures for risky transactions/functions?
  • How do you manage accidental disclosure of sensitive/protected data?
  • What happens when a breach or incident hits the press? Who is doing the talking? Perhaps more importantly, who isn’t?
  • Do you have scripts, outgoing messages, and website-specific messages pre-written, pre-recorded, and/or pre-configured?
  • Would you pay the ransom?

Strategic vs. Tactical

Strategic approaches are based in foresight, with the benefit of calm, clear heads. They are focused on objectives that relate to a bigger business perspective. Tactics are immediate, short-term, and situational. Our strategy for responding to and managing incidents should take advantage of all the intelligence the world has accumulated across more than 20 years of successful cybercrime, and all those lessons learned.

If tactics are not executed in support of a good strategy which can predict most threats, responses may be fated to fall short or fail. Strategic-level responses do best with buy-in from cross-departmental executive leadership across the organization. That buy-in converts the IR function into organizational intelligence that is active and builds resilience to adverse events across the organization.


All content © 2023 Monarch ISC
