Professionally-Written, Editable & Easily-Implemented NIST 800-61 Based Incident Response Program
Most companies have requirements to document their incident response processes, but they lack the knowledge and experience to undertake such documentation efforts. That means businesses are forced either to outsource the work to expensive consultants or to ignore the requirement and hope they do not get in trouble for being non-compliant. Neither situation is a good place to be. The good news is that ComplianceForge.com developed a viable incident response program that is based on NIST 800-61 guidance, which is the "gold standard" for incident response frameworks. This document is capable of scaling for any sized company.
What Is The Cybersecurity Incident Response Program (CIRP)?
The CIRP is an editable Microsoft Word document, but it comes with Microsoft Excel and Microsoft Visio templates.
This product addresses the “how?” questions for how your company manages cybersecurity incident response.
This product helps provide evidence of due care in how your company handles cybersecurity incidents.
The CIRP contains “tabletop exercise” scenarios, based on the categories of incidents, so that your company can train on likely scenarios and tailor plans specific to your needs.
The CIRP helps address the fundamental expectations when it comes to incident response requirements:
Defines the hierarchical approach to handling incidents.
Categorizes eleven different types of incidents and four different classifications of incident severity.
Defines the phases of incident response operations, including deliverables expected for each phase.
Defines the Integrated Security Incident Response Team (ISIRT) to enable a unified approach to incident response operations.
Defines the scientific method approach to incident response operations.
Provides guidance on how to write up incident reports (e.g., lessons learned).
Provides guidance on forensics evidence acquisition.
Identifies and defines Indicators of Compromise (IoC).
Identifies and defines sources of evidence.
What Problem Does The CIRP Solve?
Lack of In-House Security Experience - Writing security documentation is a skill that many good cybersecurity professionals simply are not proficient at, and they avoid the task at all costs. Tasking your security analysts and engineers to write comprehensive documentation (e.g., cybersecurity incident response program documentation) means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The NIST 800-61-based CIRP is an efficient method to obtain a comprehensive incident response program for your organization!
Compliance Requirements - Nearly every organization, regardless of industry, is required to have a formally documented incident response program. Requirements range from PCI DSS to NIST 800-171 to EU GDPR. The CIRP is designed with compliance in mind, since it focuses on leading security frameworks to address reasonably-expected incident response activities.
Audit Failures - Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The CIRP is easy to maintain and customize for your organization, since it is Microsoft Office-based documentation that you can edit for your needs and keep current as things change in your environment.
How Does the CIRP Solve It?
Clear Documentation - The CIRP provides comprehensive documentation to prove that your incident response program exists. This equates to a time savings of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
Time Savings - The CIRP can provide your organization with a semi-customized solution that requires minimal resources to fine-tune for your organization's specific needs.
Alignment With Leading Practices - The NIST-based CIRP is written to align your organization with leading practices for incident response.
Establish An Incident Response Hierarchy
The CIRP operates at the strategic level to provide guidance to your organization's incident responders. It provides the overall framework that governs incident response across the enterprise with a focus on repeatable processes and sustainable operations. The CIRP breaks down the management of incident response into phases:
Phase 1 - Prepare
Incident Response Operations
Phase 2 - Detect & Analyze
Phase 3 - Contain
Phase 4 - Eradicate
Phase 5 - Recovery
Phase 6 - Report
Phase 7 - Remediate
SEE FOR YOURSELF - EXAMPLE Cybersecurity Incident Response Program (CIRP)
Don't take our word for it - take a look at the examples of NIST 800-61-based Cybersecurity Incident Response Program (CIRP) to see for yourself the level of professionalism and detail that went into it.
CIRP Cost Savings
From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing a documented cybersecurity risk management program. As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a CIRP from ComplianceForge is approximately 9% of the cost ($13,500+ savings) as compared to writing your own documentation and 4% of the cost ($34,500+ savings) as compared to hiring a consultant to write it for you!
Can You Honestly Answer HOW Incident Response Is Implemented At Your Organization?
When you "peel back the onion" and prepare for an audit, there is a need to address "the how" for certain topics, such as incident response. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created several program-level documents to address this need, and the Cybersecurity Incident Response Program (CIRP) is one of those products.