The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the management of the actual response process, the CISO must also be able to efficiently communicate the ongoing activities and status to the executive level.
While the IR process is mostly technical, reporting to the organization’s management should take place on a much higher level in order for the non-security -savvy executives to understand. To assist CISOs with these tasks, Cynet created the IR Management and Reporting PowerPoint template (download here) which apart from providing an actionable response framework, is also clear and intuitive for the executive level.
Let’s drill down on the two aspects of the template:
IR Management
The template was built on the SANS\NIST framework which includes the following stages:
IR Reporting
To turn the security process more digestible for management the template focuses on two key themes – actions taken to control the incident and continuous insights into its root cause and scope. Both are required for clear risk perception of the event.
The control aspect gained through striving for as much transparency as possible regarding what in the attack is already known and what is yet to be discovered as well as mapping out the knowledge gains and gaps creates the assurance that the incident is indeed managed.
At the end of the day, the company’s executives operate in the context of operational space – downtime, monetary loss, resources saved or consumed. The template addresses this need by providing a high-level overview of the technical details of the compromise, lateral movement, and fileless techniques to deliver a translation of the incident into the actual and potential damage.
While there are many common denominators to cyberattacks, there are unique qualities for each one. Similarly, there is a high degree of variance between organizations and management types. The template is purpose-built to be broken down and used in a modular manner, customizing it to the specific needs of each organization.
Communication to management is not a nice-to-have part but a critical part of the IR process. The definitive IR Reporting to Management PPT template enables all who work hard to conduct professional and efficient IR processes in their organizations to make their efforts and results crystal clear to their management.
Both management and reporting are essential building blocks in an efficient IR process. The IR Management and Reporting Template attempt to assist the CISO with these tasks – not only perform a top edge response to cyberattacks but also ensure that this professional and critical work is understood and acknowledged.