Description
- The CIRP addresses the “how?” questions for how your company manages cybersecurity incidents.
- This is primarily an editable Microsoft Word document, but it comes with Microsoft Excel and Microsoft Visio templates.
- In summary, this addresses fundamental needs when it comes to incident response requirements:
  - Defines the hierarchical approach to handling incidents.
  - Categorizes eleven different types of incidents and four different classifications of incident severity.
  - Defines the phases of incident response operations, including deliverables expected for each phase.
  - Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
  - Defines the scientific method approach to incident response operations.
  - Provides guidance on how to write up incident reports (e.g., lessons learned).
  - Provides guidance on forensics evidence acquisition.
  - Identifies and defines Indicators of Compromise (IoC).
  - Identifies and defines sources of evidence.
- The CIRP contains “tabletop exercise” scenarios, based on the categories of incidents.
- This helps provide evidence of due care in how your company handles cybersecurity incidents.
- The CIRP is based on leading frameworks, such as NIST 800-37, NIST 800-39, ISO 31010 and COSO 2013.
The reality is that incidents do not care whether your responders are prepared, and with incident response operations, if you fail to plan, you plan to fail. What matters most is appropriate leadership that is capable of directing response operations in an efficient and effective manner. This is where the Cybersecurity Incident Response Program (CIRP) is an invaluable resource for cybersecurity and privacy leaders who need a viable plan to respond to cybersecurity and privacy-related incidents.
Most companies are required to document their incident response processes, but they lack the knowledge and experience to undertake such documentation efforts. That means businesses are forced to either outsource the work to expensive consultants or ignore the requirement and hope they do not get in trouble for being non-compliant. Neither situation is a good place to be. The good news is that ComplianceForge developed a viable incident response program that is based on NIST 800-61 guidance, which is the “gold standard” for incident response frameworks. This document is capable of scaling for a company of any size.
The CIRP can serve as the cornerstone element in your organization’s cybersecurity incident response program. It can stand alone or be paired with other specialized products we offer.
Can you honestly answer how incident response is documented at your organization? When you “peel back the onion” and prepare for an audit, there is a need to address “the how” for certain topics, such as incident response. While policies and standards are designed to describe why something is required and what needs to be done, many companies fail to create documentation to address how the policies and standards are actually implemented.
We did the heavy lifting and created several program-level documents to address this need, and the Cybersecurity Incident Response Program (CIRP) is one of those products. It is specifically designed to provide you with the ability to hit the ground running with incident response. From laying the foundation of how to classify incidents, to responding to events, to providing tabletop exercise material, the CIRP can quickly mature your incident response capabilities.
What Is The Cybersecurity Incident Response Program (CIRP)?
The CIRP is an editable Microsoft Word document, but it also comes with Microsoft Excel, PowerPoint and Visio templates that contain the program-level documentation and process flows to establish a mature cybersecurity incident response program.
- This product addresses the “how?” questions for how your company manages cybersecurity incident response.
- This product helps provide evidence of due care in how your company handles cybersecurity incidents.
- The CIRP contains “tabletop exercise” scenarios, based on the categories of incidents, so that your company can train on likely scenarios and tailor plans specific to your needs.
- The CIRP helps address the fundamental expectations when it comes to incident response requirements:
  - Defines the hierarchical approach to handling incidents.
  - Categorizes eleven different types of incidents and four different classifications of incident severity.
  - Defines the phases of incident response operations, including deliverables expected for each phase.
  - Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
  - Defines the scientific method approach to incident response operations.
  - Provides guidance on how to write up incident reports (e.g., lessons learned).
  - Provides guidance on forensics evidence acquisition.
  - Identifies and defines Indicators of Compromise (IoC).
  - Identifies and defines sources of evidence.
What Problem Does The CIRP Solve?
- Lack of In-House Security Experience – Writing security documentation is a skill that many good cybersecurity professionals simply are not proficient at, and they avoid the task at all costs. Tasking your security analysts and engineers to write comprehensive documentation (e.g., cybersecurity incident response program documentation) means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The NIST 800-61-based CIRP is an efficient method to obtain a comprehensive incident response program for your organization!
- Compliance Requirements – Nearly every organization, regardless of industry, is required to have a formally documented incident response program. Requirements range from PCI DSS to NIST 800-171 to EU GDPR. The CIRP is designed with compliance in mind, since it focuses on leading security frameworks to address reasonably expected incident response activities.
- Audit Failures – Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The CIRP is easy to maintain and customize for your organization, since it is Microsoft Office-based documentation that you can edit for your needs and keep current as things change in your environment.
- Vendor Requirements – It is very common for clients and partners to request evidence of an incident response program. The CIRP provides this evidence!
How Does The CIRP Solve It?
- Clear Documentation – The CIRP provides comprehensive documentation to prove that your incident response program exists. This equates to a time saving of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
- Time Savings – The CIRP can provide your organization with a semi-customized solution that requires minimal resources to fine-tune for your organization’s specific needs.
- Alignment With Leading Practices – The NIST-based CIRP is written to align your organization with leading practices for incident response.