Cyber Security Incident Management
Enable a quick, fully auditable response to a Cyber Incident
Built using robust standards as a base
Our Cyber Security Incident management plan pack is based on the following industry standards:
ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then revised in 2013.
We used the clauses below in building our plan pack:
- ISO/IEC 27001 standard, clauses A.7.2.3, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.4, A.16.1.5, A.16.1.6, A.16.1.7
The National Institute of Standards and Technology is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
We used the following publications to guide the building of our plan pack:
- NIST SP 800-61, Computer Security Incident Handling Guide
- NIST SP 800-83, Guide to Malware Incident Prevention and Handling
- NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response
The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates.
We referenced the publication below in creating our plan pack:
- SANS Institute Incident Handling Step-by-Step
Ease of Use
Get started quickly
We provide you with a complete set of Cyber Security Incident and Personal Data Breach plans.
Subscribing to this plan pack fast tracks your ability to respond to a Cyber Incident.
The Digital Incident Response plan gives you all the information and steps to identify the type of incident that has occurred, and then to launch the relevant incident plan(s) thereafter.
The incident plans cover a virus outbreak, a malware outbreak, a phishing attack, a denial of service attack, privilege escalation, improper usage, root access and unauthorised access.
Simple and easy to use
You can use and execute the plans immediately upon subscription.
The plan pack can be run in simulation mode for practice and refinement, and our base plans can be amended to suit your environment.
Plans can be executed via an API call or by activating them manually.
Each cyber incident plan comprising the pack can be executed individually or from the master plan itself.
After every plan execution, you have access to a detailed plan execution report.
Cyber security and Data Privacy
The pack also includes plans for data-privacy-related data breaches.
Broadcast & Response
Built-in broadcast features let you communicate with all users via text/SMS or email messages and collect form-based responses as part of your Cyber Security plan execution actions.
Plan action users
Nominate a plan manager and a different action owner for each action. This allows truly distributed task allocation, so that experts work only on the sections of the plan relevant to them.
Obtain Sign off
All plans can be set to require senior executive sign off after execution, be it a simulation or a live event.
Multiple business units
Subscribe to our Cyber Security Incident plan pack and you can use it across multiple business units or locations.
Our Cyber Security Incident plan pack is copyrighted to Plan4Continuity. You may use and amend this plan as long as you are a subscriber to the service. You do not have permission to use this, copy it, distribute it or sell it outside of the Plan4Continuity service.
Types of Cyber Security Incidents
Our plan pack provides an executable set of plans to deal with all types of cyber security incidents.
Denial of Service Attack
Denial-of-service (DoS) attacks focus on disrupting or preventing legitimate users from accessing websites, applications, or other resources.
These attacks have been used by criminal organizations to extort money, by activist groups to ‘make a statement’, by corporate adversaries to deter users of systems and by state actors to punish their adversaries.
Abuse of permissions and network tools occurs when the privileges associated with a particular user account, or tools on the network, are used inappropriately or fraudulently, whether maliciously, accidentally or through wilful ignorance of policies.
A malware attack is a common cyberattack where malicious software executes unauthorized actions on the victim's system.
The malicious software encompasses many specific types of attacks such as ransomware, spyware, command and control, and more.
When the same malware is found on more than one device and/or system, it is called a ‘malware outbreak’.
Phishing is a social engineering security attack that attempts to trick targets into divulging sensitive/valuable information.
Sometimes referred to as a “phishing scam,” attackers target users’ login credentials, financial information (such as credit cards or bank accounts), company data, and anything that could potentially be of value.
Privilege escalation is an attack that involves gaining illicit access to elevated rights, or privileges, beyond what a user is intended or entitled to have.
This attack can involve an external threat actor or an insider.
Privilege escalation is a key stage of the cyber attack chain and typically involves the exploitation of a privilege escalation vulnerability, such as a system bug, misconfiguration, or inadequate access controls.
Ransomware is malicious software which covertly encrypts your files – preventing you from accessing them – then demands payment for their safe recovery.
Like most tactics employed in cyberattacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.
Detection of unauthorised root access
Root access is a term denoting full administrator access to a server or to services in an organisation.
Having obtained such access, a person can cause complete havoc in an organisation.
Compromised credentials, the number one attack vector behind breaches, can give an attacker access to critical assets or systems within your network.
This may cause the loss of confidentiality, integrity, and availability of information technology assets.
Like other types of malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets.
A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process.
Similarly, a computer virus isn't itself a standalone program. It's a code snippet that inserts itself into some other application.
When that application runs, it executes the virus code, with results that range from irritating to disastrous.
A Data Breach is an incident, breach of security or wider privacy violation that leads to the accidental or unlawful destruction, unauthorised retention, misuse, loss, alteration, unauthorised disclosure of, or access to, data transmitted, stored or otherwise processed by the organisation, its employees, contractors or service providers.
Data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Information systems implement backup and disaster recovery equipment and processes to prevent data loss or restore lost data.
Data theft is the act of stealing digital information stored on the computers, servers, or electronic devices of an unknowing victim with the intent to compromise privacy or obtain confidential information.
Information can include anything from financial information, like credit card numbers or bank accounts, to personal information, like social security numbers, driver's license numbers, and health records.
Once only the problem of large businesses and organizations, data theft is a growing problem for everyday computer users.
Want to find out more?
Contact us for a demonstration of our full service with a focus on Cyber Security Incidents.