Cybersecurity

5 readers

14 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io

Incident response plants are incredibly important for both IT and OT cybersecurity. They guide you in stressful crises, and aid in both tactical procedures and decision making. (infosec.exchange)

submitted 4 months ago by hacks4pancakes@infosec.exchange to c/cybersecurity@fedia.io

15 comments fedilink hide all child comments

Incident response plants are incredibly important for both IT and OT cybersecurity. They guide you in stressful crises, and aid in both tactical procedures and decision making.

I cannot state enough how important it is that your organization has plans for every environment, those plans are tested, and that ultimately you write and edit the bulk of those plans yourself.

There are skeevy consulting companies who will sell you almost anything - from premade IR plans to services that build them for you without your involvement. However, I can absolutely guarantee without serious project-scale care and feeding from your own stakeholder personnel and environmental considerations, they will fall flat in an emergency. You wouldn't want your hospital to download a premade triage plan for another size or functional org from scribd.

Can't stress enough how important it is to take the time to plan, even if you bring in consultants to guide and advise you.

#cybersecurity #dfir

you are viewing a single comment's thread
view the rest of the comments

[–] mikebabcock@floss.social 1 points 4 months ago (3 children)

@hacks4pancakes@infosec.exchange in all honesty, most organizations are too small with too little support to do any of this. It's a real issue, but most of them are looking at it like a fire; if it happens it happens and you let professionals deal with it after the fact.
I'm not saying it's right or good but IT isn't even a job title at most businesses.

[–] faffinaboot@hachyderm.io 0 points 4 months ago (1 children)

@mikebabcock @hacks4pancakes

If the orgs IR plan isn't much more than the steps needed to halt operations and enact the business continuity plan than that's fine. You just want to avoid flying by the seat of your pants as much as possible in that scenario - should it ever come.

[–] hacks4pancakes@infosec.exchange 0 points 4 months ago (1 children)

@faffinaboot @mikebabcock this. Look, a plan that lists your retainer contact information, who is in charge, and a first hour’s steps is a plan. I get calls every week from orgs that don’t have this much. Many go out of business. Some are in tears realizing this fact, when IR firms tell them it will be a two week wait to get help with no agreements in place. It’s something that has a cost, but you just can’t afford not to do. It’s like cheaping out on smoke alarms. Something, anything.

[–] jonas@social.jonaskoeritz.de 1 points 4 months ago

@hacks4pancakes@infosec.exchange @faffinaboot@hachyderm.io @mikebabcock@floss.social and try to call the hotlines from time to time. Maybe quarterly or twice a year to check that you can reach them and the number didn't change 😅

We got a weird international-freecall number that breaks my mind (as an ex phone guy that is) as it basically is a +800 country code you need to dial. I bet some PBXs aren't even configured to cover that.

load more comments (1 replies)