Cybersecurity

5 readers

22 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io

Incident response plants are incredibly important for both IT and OT cybersecurity. They guide you in stressful crises, and aid in both tactical procedures and decision making. (infosec.exchange)

submitted 4 months ago by hacks4pancakes@infosec.exchange to c/cybersecurity@fedia.io

15 comments fedilink hide all child comments

Incident response plants are incredibly important for both IT and OT cybersecurity. They guide you in stressful crises, and aid in both tactical procedures and decision making.

I cannot state enough how important it is that your organization has plans for every environment, those plans are tested, and that ultimately you write and edit the bulk of those plans yourself.

There are skeevy consulting companies who will sell you almost anything - from premade IR plans to services that build them for you without your involvement. However, I can absolutely guarantee without serious project-scale care and feeding from your own stakeholder personnel and environmental considerations, they will fall flat in an emergency. You wouldn't want your hospital to download a premade triage plan for another size or functional org from scribd.

Can't stress enough how important it is to take the time to plan, even if you bring in consultants to guide and advise you.

#cybersecurity #dfir

you are viewing a single comment's thread
view the rest of the comments

[–] riskythinking@infosec.exchange 1 points 4 months ago

@hacks4pancakes@infosec.exchange As a business continuity consultant I completely agree with this. I can help you get started, point out risks you might not have thought about, and suggest possible mitigations and responses. But ultimately it has to be your plan because only you know your business, can decide what your constraints are, can decide what and when to test, and can decide how much it is worth spending...

It's also worth remembering that major business risks (can I make payroll next week? What if a major customer drops me?) can make a business continuity or security risk unimportant in the grander scheme of things. Low probability high consequence events don't matter until you've handled the high probability high consequence ones.