Cyber Incident Response Audit
No matter how technically prepared you are for a cyber-attack your organisation is always at risk. It is vital that you prepare a response for a cyber incident.
PlanB Consulting can conduct a Cyber Incident Response Audit. This will involve assessing the competence and level of knowledge of the C-Suite to manage the non-technical response to a Cyber Incident.
We will then produce Cyber Incident Response Gap Analysis Report. This will detail the suggested training for your C-Suite and recommendations for updates to your Cyber Incident Response Plans.
Our Gap Analysis
PlanB Consulting can carry out a full review of your level of preparation, maturity level if required and then produce a gap analysis which details the suggested work you should carry out.
PlanB Consulting can provide your organisation with a Cyber Gap Analysis covering the following 6 areas:
Risks – Does your organisation understand what it has to lose during a data breach? Have you had a comprehensive cyber risk assessment and audit carried out on your cyber risks and vulnerabilities?
Technical Response – Are there plans and playbooks in place for dealing with the different types of cyber incidents the organisation could face? Have recovery and disaster recovery plans been tested?
Crisis Management – Do you have crisis communication plans and procedures in place for different types of cyber incidents?
Communication and Reputation Management –
Do you have comprehensive communications plans in place for different types of cyber incidents?
Third Parties – Do you have relationships or contracts in place with appropriate third parties that could fill in-house knowledge gaps and provide expertise?
Exercises and Training
What is the level of cyber knowledge of those who would respond to a cyber incident and what training they have had? When were the plans last exercised and have cyber scenarios been exercised?.
Large Energy Trading Company
Cyber Gap Analysis followed by development of a cyber playbook and exercise for an energy trading organisation.
PlanB Consulting were asked by this organisation to review their preparedness for managing a cyber incident. PlanB Consulting conducted a series of interviews to understand what they had in place and where the gaps were. This was delivered to the senior management team.
Two areas highlighted by the report was:
1. No plan in place for responding to a cyber incident
2. The crisis team had not recently taken part in an exercise.
PlanB consulting delivered a cyber playbook which was used in a desk top exercise. After the exercise the playbook was updated with the lessons learned. Due to the success of the exercise PlanB Consulting has been instructed to carry out a further exercise in the UK and to conduct a very similar project for their North American subsidiary.