Your IR Contact List May Not Be Complete

The Secureworks® Incident Response proactive consulting practice develops incident response (IR) plans, performs IR plan gap analyses, and facilitates tabletop exercises featuring various security risks to the more than 4,000 customers in our base. Over time we have analyzed findings from each engagement, and from those findings multiple patterns emerged that show consistent challenges to our customers’ security posture and response capabilities.


This 5-part blog series details the top 5 challenges we see when we’re called in to do a proactive incident response engagement. As these are systemic, widespread issues, we want to raise awareness and share our guidance to help your organization get ahead of them. 


The first blog in this series looked at what should be considered the basic foundation of any security practice: the definition of “incident.”


This second blog in the series discusses another relatively simple item: the contact list.


It’s straightforward. During any incident, knowing who to call is important. And yet, the data from our look at “normal” shows that this is an area that is surprisingly neglected.


Most organizations have a contact list in their incident planning or at least in their business continuity/disaster recovery plans. Both large and small customers inform us regularly that “we know who to call.” Many of those contact lists are relatively complete, with the operative word being “relatively.”


Contact lists need to include every member of the core incident response team, senior executives, business division leaders, legal, HR, sales, marketing, personnel to help coordinate at remote locations, contractor support, Internet Service Providers, local law enforcement, regional law enforcement, national law enforcement, regulatory contacts, compliance contacts, everyone in your data supply chain, ..
