Everyday cybersecurity incidents are becoming more widespread. Businesses are struggling to keep up with these issues and are often not aware when they have been breached.
To detect and contain cybersecurity incidents, businesses need an incident response plan. While an incident response plan can cover most incidents, there are times when specific types of cybersecurity incidents must be handled a certain way. This is where an incident response playbook comes into play.
4. The Importance of an Incident Response Playbook
▪ Helps security teams define the “Who, What and Where” of cyberattacks.
▪ Allows teams to follow pre-planned procedures for specific security incidents.
7. Incident Response Plan vs. Incident Response Playbook
Incident Response Plan
▪ Tailored to consider a “first time” reader.
▪ Applicable for most incidents.
▪ Focuses on bringing resources together.
Incident Response Playbook
▪ Focuses on more specific situations.
▪ Provides step-by-step instructions for scoped incidents.
10. Incident Response Playbook
Preparation
▫ Initial phase where roles and teams are determined.
Detection
▫ Define indicators that a specific event is occurring.
▫ Define risk associated with the event.
Analysis
▫ Incident is validated and potential impact is determined.
Containment
▫ Identify assets being targeted and prevent/limit damage.
11. Incident Response Playbook Cont.
Eradication
▫ Focus on eliminating the cause and addressing issues that caused the incident.
▫ Communicate remediation activities with internal stakeholders, management, etc.
Recovery
▫ Bring assets back to normal operation and adjust monitoring/alerts.
▫ Communicate recovery activities with internal stakeholders, management, etc.
Post Incident Activity
▫ Incident is documented and areas that need improvement are assessed.