Cyber Incident Response

Increasing Your Cyber Effectiveness, Decreasing Your Cyber Expenditure

The only way to mitigate the reputational and financial damage of a security incident is to handle it well.

CTRL Group works collaboratively with organizations to assess their cyber incident readiness and understand their security posture to inform the development of a tailored incident response plan. As part of developing an incident response plan, the protocols crafted will be put to the test via a threat simulation exercise that runs the crisis management team through a set of events that mimic real life cyber risk incidents.

The incident response plan is frequently updated and improved based on an organizations threat environment and strategic security plans.

Complementing the incident response plan is the advice CTRL Group offers to organizations’ regarding their security maturity and how it ties into their insurance policies, security policies and security governance frameworks.
Why Is This Important

Effective coordination when handling cyber incidents.
Clear guidelines on engaging all stakeholders such as regulators, customers and investors to name a few.
Ensuring compliance with key regulations and standards.

FAQ’s

What is included in an Incident Response offering?

Two workshops with your executive team and an incident response plan. The incident readiness workshop helps us understand your incident readiness, to raise awareness to the possible outcomes of a breach and to directly infom how we draft the incident response plan. The incident response plan is tailored to your organisation, its threats, stakeholder requirements and expectations. The Final stage is testing the plan through a tabletop exercise using a day by day model of a breach we record what you do well, what can be improved and what actions should be avoided.

What information will I need to provide to define the scope of an Incident Response engagement?

Any Existing crisis management or communications plans your organisation has. In addition a list of candidates and their secondaries who make up the strategic crisis team.

What is the level of involvement and support required from my team?

Your team will need to be present for the two workshops each approximately 90minutes to two hours long. Your Incident Lead will also need to review approve and provide supplemental information regarding external contacts, internal and external communications and notification processes.

How is my data handled?

Information you provide us is stored in the risk and compliance directory of CTRL Groups Sharepoint, only risk team members assigned to your project are able to view and access that information. All information sharing internally is conducted though sharepoint links and access is monitored and reviewed by the team leader daily.

When can I say my organisation is prepared to handle a Cyber Incident?

At the successful completion of a threat simulation and taking on the lessons learned from it, your team and organisation will be in the best position to handle a major cyber incident. While having a plan in place is a great step, without testing it and preparing your team the risk of an imperfect execution exposes your organisation to the reputational and financial damage a poorly handled incident presents.