Many security pros that are doing an excellent job in handling incidents find that effectively communicating the process to their management is a challenging task. Cynet addresses this gap with the IR Reporting for Management PPT template, providing an intuitive tool to report both the ongoing IR process and its conclusion.
The IR for Management template enables CISOs and CIOs to communicate the key points that management cares about: assurance that the incident is under control and a clear understanding of the implications and the root cause.
The template follows the SANS\NIST IR framework and comprises the following stages:
Identification – Was the detection made in house or by a third-party, how mature the attack is (in terms of its progress along the kill chain), what is the estimated risk and will the following steps be taken with internal resources or is there a need to engage a service provider.
Containment – First aid to stop the immediate impact prior to further investigation, the attack root cause, the number of entities take offline (endpoints, servers, user accounts), the current status and onward steps.
Eradication – Clean up of all malicious infrastructure and activities, report on the attack’s route and assumed objectives, overall business impact (man hours, lost data, regulatory implications and others per the varying context).
Recovery – Recovery rate in terms of endpoints, servers, applications, cloud workloads and data.
Lessons learned – What enabled the attack and how these issues can be mended; reflection on the previous stages across the IR process timeline searching for what to preserve and what to improve.
Naturally, there is no one-size-fits-all in security incident. For example, there might be cases in which the identification and containment will take place almost instantly together, while in other events the containment might take longer, requiring several presentations on its interim status. The template is modular and can be easily adjustable to any variant.
Communication to management is not a nice-to-have but a critical part of the IR process itself. The IR Reporting to Management PPT template enables all who work to conduct IR processes in their organizations to make their efforts and results crystal clear to their management.
Security
via https://www.aiupnow.com
Help Net Security, Khareem Sudlow