The Military-Grade Difference in Incident Response

CyberDefenses - Incident Review

by Brian Engle

In support of an overarching information security program, a resilient, sustained incident response program comes from the organization developing the capability alongside the incident response program. The incident response program involves activities that occur in advance of an actual incident, with the goal of ensuring that the organization is prepared to respond. The prepared organization has anticipated that its cybersecurity defenses may fail, or that an adversary will circumvent them, and that a set of actions will be necessary to protect critical assets and limit harm.

CyberDefenses helps organizations maintain “Military-Grade” levels of cybersecurity. Using disciplines and expertise built from extensive experience, the “Military-Grade” approach to incident response combines comprehensive preparedness and execution to move from reactive to responsive, while effectively executing a plan that is purposely adaptable to the adjustments that field conditions may dictate. A well-built program anticipates likely outcomes and potential contingencies. The incident response program recognizes that practice makes perfect, and that what is perfect during practice may still need to adapt in order to overcome under live fire.

The incident response program helps to improve and produce a capable defense, while enabling a proactive response to attacks. The program will include developing a well-honed plan for the coordination of activities across the organization and within the teams that are responsible for incident response. The plan is used to ensure that communications are clear, timely and complete, enabling each of the team members to execute their distinct response processes. The detailed steps of the process need to be repeatable, but also flexible enough to adapt to varying conditions.

“Military-Grade” isn’t the execution of rote process, but instead the level-headed calm under extreme conditions that preparedness achieves. Execution that looks as if you’ve been through the event before occurs because you have been there, either through training or experience. You are executing a plan prepared for anticipated or predicted likely incident types, or otherwise adjusted as needed to adapt and overcome. The incident response program enables the organization to reach the end goals of mitigating the active threat, remediating the damage incurred, and restoring normal operations to achieve mission objectives.

While having Military-Grade defenses can inhibit a large number of threats, having a plan for Incident Response is crucial for any organization to eliminate panic and deal with threats in the most timely and effective manner possible.

About the author

Brian Engle

Brian Engle is the CISO and Director of Advisory Services, a role in which he leads the delivery of strategic consulting services for CyberDefenses's growing client base with risk management support, information security program assessment and cybersecurity program maturity evolution. Prior to working at CyberDefenses, he was the founder and CEO of Riskceptional Strategies, a consulting firm focused on enabling the development of successful strategies for implementing, operating, and evolving risk-based cybersecurity programs. Brian’s previous information security roles include Executive Director of Retail Cyber Intelligence Sharing Center (R-CISC), CISO and Cybersecurity Coordinator for the State of Texas, CISO for Texas Health and Human Services Commission, CISO for Temple-Inland, Manager of Information Security Assurance for Guaranty Bank, and Senior Information Security Analyst for Silicon Laboratories. Brian has been a professional within Information Security and Information Technology for over 25 years, and serves as a past president and Lifetime Board of Directors member of the ISSA Capitol of Texas Chapter, is a member of ISACA, and holds CISSP and CISA certifications.