Incident Response – Training, Blue team exercise and Muscle Memory.
First.org recommends this:
Take a scenario that affected another organization and perform a table-top walk through of how your organization would deal with that same incident. At the very least you’ll identify gaps you still have to address. Exercises should be regular and involve a range of participants. It’s important that the senior members of an organization (right up to senior executive management) as well as the technology and other staff participate. The “muscle memory” this will build is invaluable when a real incident occurs.
FlexibleIR provides Needle365.com where you can take a scenario that affected another organization and perform a walk through of how your organization would deal with that same incident. You can also use a Playbook to handle the scenario. At the very least you’ll identify gaps you still have to address.
Table tops and simulations not good enough
Nothing better like handling in your real environment. Table top gives limited capability. Exactly act as if there is a real threat, get relevant Indicators of Compromise (IoCS), search for them in your environment at scale. Look at your logs and see if indicators exist.
FlexibleIR recommends very regular incident drill practice. A quick 30min drill.
You’ll think better
As Don Norman put it in his book Things that make us smart: Defending human attributes in the age of the machine, “The power of the unaided mind is highly overrated. Without external aids, memory, thought, and reasoning are all constrained. […] The real powers come from devising external aids that enhance cognitive abilities.”
FlexibleIR uses high productivity tools like Kanban boards, Mind maps as external aids to enhance cognitive abilities.
FlexibleIR provides a whole set of games to build strong Incident response capabilities. Please contact us to know more about this.