Comp Fides provides several incident readiness services to help organizations position themselves to detect and manage incidents more successfully.
Incident Response Planning
The daily announcements of yet another high-profile hack only reinforce the contemporary idea that there are only two types of organizations: those that have been breached, and those that don’t know they have been breached. In such an environment, it is a foregone conclusion that it is only a matter of time before your organization will have to manage an incident. The middle of a breach is no time to figure out how best to manage an incident. Our plan development methodology will arm your organization with a multi-standards-compliant plan tailored to your organizational and industry needs. It will assist you in reducing risks and recovering in a timely manner while minimizing impacts to production.
Practicing an incident management plan is crucial to success. To obtain the greatest benefit from practicing, special care must be taken to ensure a repeatable process is used. The process should include real-world scenarios and exercise each phase of the incident response plan. It should pay close attention to communication linkages and hand-offs, and validate any metrics used to measure the success of the plan. We have experience constructing comprehensive tests of incident response plans that enable the continuous improvement of your plan.
To breach an organization’s defenses, an adversary must follow a specific series of steps known as the Cyber Kill Chain. The farther up the chain an organization can break a link, the less damage and influence an adversary can have over an environment. Every action an adversary takes to complete a link in the kill chain leaves behind telltale indicators. Speed of detection is critical to breaking a link early. The primary roadblock to early detection is collecting too much information and analyzing it improperly. This overloads analysts with information, a condition known as alert fatigue. We can help your organization improve its situational awareness by collecting the right information in the right way, speeding detection and reducing alert fatigue.
Cyber Terrain Analysis
A key advantage an organization can have over an adversary is a comprehensive understanding and control of its cyber terrain. Cyber terrain consists of the systems, devices, protocols, data, software, processes, accounts, and other networked entities that make up, supervise, and control a network. Many organizations have only an opaque understanding of their cyber terrain, limiting their ability to leverage this advantage. Our cyber terrain analysis brings clarity to an organization’s understanding of its environment. It also provides recommendations on how to modify the terrain to make observation easier, make cover and concealment more effective, control avenues of approach, and place obstacles to slow or halt adversaries.