Cyber Incident Response Management Datasheet
Did you know?
• Only 37% of organisations have a CIR plan. [PwC Global Economic Crime Survey 2016]
• Of 1,523 companies surveyed by the UK government, only a third have a formal policy that covers cyber security risks (33%), or document these risks in business continuity plans, internal audits or risk registers (32%). [Cyber Security Breaches Survey 2017 – DCMS]
• Only one in ten businesses have implemented a CIR management plan. [Cyber Security Breaches Survey 2017 – DCMS]
A legal requirement of local and international standards and regulations

Under the EU General Data Protection Regulation (GDPR), organisations will need to implement an effective incident response plan to contain any damage in the event of a data breach and to prevent future incidents from occurring. Incident response planning is also mandated by the major cyber security regimes. The international information security standard ISO 27001 (ISMS) and the business continuity standard ISO 22301 (BCMS) require organisations to develop cyber incident response (CIR) management plans. CIR is also a requirement of the Payment Card Industry Data Security Standard (PCI DSS), which requires that the incident response plan be tested at least annually. Similarly, UK government departments have a responsibility to report cyber incidents under the terms laid out in the Security Policy Framework (SPF) issued by the Cabinet Office, which effectively mandates CIR for such organisations as well.

A CIR management plan can help you:
• Recognise a suspected cyber security incident;
• Analyse all available information relating to the potential cyber security incident;
• Uncover what actually happened;
• Establish how it happened;
• Identify what systems, networks and information assets have been compromised;
• Ascertain what information has been stolen, deleted, corrupted or disclosed to unauthorised parties; and
• Determine the potential business impact of the cyber security incident.
Protect • Comply • Thrive
IT Governance can help you define and implement an effective incident response approach covering preparation, response and follow-up. Our service will provide you with a detailed action plan and personnel training to mitigate the impact of any incident and restore services in a trusted and timely manner.
Features
• Identify critical assets.
• Identify risks, vulnerabilities and threat exposure.
• Business impact analysis.
• Advice on forming the incident response team.
• Develop clear and concise incident response plans.
• Test incident scenarios.
• Incident response training.
• Establish a framework for continual improvement.
• Review existing cyber security controls.

Benefits
• Reduces overall organisational and cyber risk.
• Improves cyber resilience.
• Can lower cyber insurance premiums.
• Provides assurance to prospective clients, investors and the board.
• Minimal disruption to the business.
• Expert advice from a leading CREST-certified consultancy.
• Tailored to your organisational needs and business requirements.
• Reduces incident impact and response times.
• Additional services such as penetration testing can also be provided.
Planning
Planning service: No

Training
Training service provided: Yes

How the training service works
The IT Governance training programme is built on the foundations of our extensive practical experience designing and implementing management systems. Our training courses offer a structured learning path from Foundation to Advanced level for IT practitioners and lead implementers, and help to develop the skills needed to deliver best practice and compliance. They also provide the tools for career advancement via industry-standard qualifications and increased peer recognition. IT Governance delivers certified training courses in the following areas:
• Information security
• Cyber security
• PCI DSS
• Business continuity
• Data protection
• Governance
• Service management

Training tied to specific services: No

Set-up and migration
Set-up or migration service available: No

Quality assurance and performance testing
Quality assurance and performance testing service: No

Security testing
Security testing service: Yes
Security testing type: Penetration testing; IT health checks; Risk analysis
Other security testing: Cyber security audit; Vulnerability scanning; Employee phishing vulnerability assessment; Wireless network penetration testing; Combined infrastructure and web application penetration testing; Cyber Essentials
Accredited security testers: Yes
Security testing accreditations: CREST
Certified Professional (CCP) risk analysts: Yes
Ongoing support
Ongoing support service: No

Service scope
Service constraints: There are no constraints. IT Governance Ltd consultancy services are available on site and remotely.

User support
Email or online ticketing support: Yes
Support response times: IT Governance has an email support contact address, [email protected], and clients are provided with account manager email contacts and consultant contact details. Email enquiries are typically responded to within 24 hours during office hours (9am to 5pm, Monday to Friday).
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9am to 5pm (UK time), Monday to Friday
Web chat support: Yes
Web chat support availability: 9am to 5pm (UK time), Monday to Friday
Web chat support accessibility standard: N/A
Web chat support access: Web chat is available via the IT Governance Ltd website, www.itgovernance.co.uk
Web chat accessibility testing: N/A
Support levels: All cyber security consultancy projects are overseen by the head of cyber security and an account manager. Projects are delivered by qualified cyber security consultants. There is no difference in the cost of the support levels provided.

Resellers
Supplier type: Not a reseller
Staff security
Staff security clearance: Conforms to BS 7858:2012
Government security clearance: Up to Security Clearance (SC)

Pricing
Pricing document: View PDF
Skills Framework for the Information Age (SFIA) rate card: View PDF
Contact
IT Governance Ltd Service Centre: +44 (0)333 800 7000, [email protected]

Why IT Governance?
IT Governance is widely recognised by UKAS-accredited certification bodies as a leading consultancy company and is listed on the following:
• BSI Management Systems UK Associate Consultant Programme
• Bureau Veritas Certification approved list for the implementation and management of ISO 27001 and ISO 20000
• Alcumus ISOQAR consultant database
• LRQA's Consultant Network
• G-Cloud 9
• NQA consultant database
• DNV Consultant Gateway
• International Board for IT Governance Qualifications (IBITGQ)
• Institute of Information Security Professionals (IISP)
Our credentials and corporate certificates:
IT Governance Ltd, Unit 3, Clive Court, Bartholomew's Walk, Cambridgeshire Business Park, Ely, Cambs. CB7 4EA, United Kingdom
t: +44 (0)333 800 7000 e: [email protected] w: www.itgovernance.co.uk
/ITGovernanceLtd