ProCircular prepares an incident response plan with each client ahead of time, and our engineers are ready to travel onsite and manage the situation. We work closely with our partners at Vestige to ensure that chain of custody and data integrity are maintained, and that the process of remediation addresses both short-term and long-term needs.
Once a breach has been contained, we work with the client to address root causes and ensure that the problem can’t arise again. This may include working with the client’s insurance providers, law enforcement, and other third parties on behalf of the client.
The primary steps in creating our IR plan are as follows:
- Establish the maturity of any existing Incident Response, Business Continuity Plan (BCP), or Disaster Recovery (DR) plans that may overlap.
- Assign an executive to take on responsibility for the plan and for integrating incident-response efforts across business units and geographies.
- Develop a taxonomy of risks, threats, and potential failure modes. Refresh them continually based on changes in the threat environment.
- Develop easily accessible quick-response guides for likely scenarios.
- Establish processes for making major decisions, such as when to isolate compromised areas of the network.
- Establish and maintain relationships with key external stakeholders, such as law enforcement.
- Maintain service-level agreements and relationships with external breach-remediation providers and experts.
- Ensure that documentation of response plans is available to the entire organization and is routinely refreshed.
- Ensure that all staff members understand their roles and responsibilities in the event of a cyber incident.
- Identify the individuals who are critical to incident response and ensure redundancy.
- Train, practice, and run a simulated breach to develop response “muscle memory.” The best-prepared organizations routinely conduct war games to stress-test their plans, increasing managers’ awareness and fine-tuning their response capabilities.