Cyber Security Incident Response High-level Maturity Assessment Tool



Similar documents
A Guide to the Cyber Essentials Scheme

Cyber Essentials Scheme. Protect your business from cyber threats and gain valuable certification

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

The Next Generation of Security Leaders

Chief Information Officer

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business

Michelle Govan & Anand Philip Network & Security Engineering

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis

QuickBooks Business Accounting Software for Windows

Resilience and Cyber Essentials

Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET. 7 th May Dear Sir or Madam,

CYBER SECURITY FOUNDATION - OUTLINE

REPORT. Next steps in cyber security

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

Market Pricing Override

Website for online application/self service is:

CYBER SECURITY TRAINING SAFE AND SECURE

Release: 1. ICA60308 Advanced Diploma of Information Technology (E-Security)

Microsoft Courses. Microsoft Office 2007

In-Depth Guide Advanced Spreadsheet Techniques

Technology and Cyber Resilience Benchmarking Report December 2013

SCOTTISH CENSUS INDEPENDENT SECURITY REVIEW REPORT

CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS

Oracle Database Security Services

How to backup with R1soft

CYBER RISK INTERNATIONAL COMPANY PROFILE

A. BACK UP YOUR CURRENT DATA. QuickBooks Business Accounting Software for Windows Account Conversion Instructions

Developing National Frameworks & Engaging the Private Sector

Western Australian Auditor General s Report. Information Systems Audit Report

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Welcome to the handling payments topic. 2-1

Configuring Data Masking

MTA Course: Windows Operating System Fundamentals Topic: Understand backup and recovery methods File name: 10753_WindowsOS_SA_6.

Cyber Security Incident Response Guide. Version 1

Monthly Payroll to Finance Reconciliation Report: Access and Instructions

Cyber Essentials Scheme

Cyber Incident Response

HireTouch Sending Applicant Correspondences ( s)

February 2015 Issue No: 5.2. CESG Certification for IA Professionals

Working together with Word, Excel and PowerPoint 2013

Overview TECHIS Manage information security business resilience activities

Developing a Mature Security Operations Center

London Business Interruption Association Technology new risks and opportunities for the Insurance industry

ESKISP Conduct security testing, under supervision

5 TIPS FOR MAXIMIZING THE VALUE OF YOUR SECURITY ASSESSMENT

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session

G-Cloud Definition of Services Security Penetration Testing

Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au

CBEST Implementation Guide

Health Informatics Service Accreditation Manual. Assessment Process. May 2013, Version 1

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

All Eyes: A Security Breach Exercise. Disaster Recovery/Security and Business Continuity Readiness

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015

White Paper on Financial Institution Vendor Management

ACADEMIC TECHNOLOGY SUPPORT

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Bus incident management planning: Guidelines

Section A: Introduction, Definitions and Principles of Infrastructure Resilience

Visual Aids. Release 2.4 Version 1.1

Site Waste Management Plan Tracker User Guide

Excel Reports and Macros

Hands-On Practice. Using Notebook Software in the Office

Val-EdTM. Valiant Technologies Education & Training Services. 2-day Workshop on Business Continuity & Disaster Recovery Planning

Ernie Hayden CISSP CEH Executive Consultant

Create a Job Requisition. Create a Job Requisition. Concept

Procuring Penetration Testing Services

Risk appetite as a dynamic management tool

Central Commissioning Facility Research Management Systems (RMS): User Guidance

TheFinancialEdge. Fast! Guide

Cyber Security Evolved

Instructions for applying data validation(s) to data fields in Microsoft Excel

Cyber Security key emerging risk Q3 2015

NNIT Cybersecurity. A new threat landscape requires a new approach

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

Cyber Security Operations Associate

PCI DSS READINESS AND RESPONSE

Document ID. Cyber security for substation automation products and systems

Integrating Oracle Sales Cloud, Release 9 with JD Edwards EnterpriseOne release 9.1 Implementation Guide

System requirements 2. Overview 3. My profile 5. System settings 6. Student access 10. Setting up 11. Creating classes 11

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience

Transcription:

Cyber Security Incident Response High-level Maturity Assessment Tool Introduction Overview Many organisations are extremely concerned about potential and actual cyber security attacks, both on their own organisations and in ones similar to them. Dealing with cyber security incidents particularly sophisticated cyber security attacks can be a very difficult task, even for the most advanced organisations. Each organisation should therefore develop an appropriate cyber security incident response capability, which will enable them to adopt a systematic, structured approach to cyber security incident response. Your cyber security incident response capability should consist of appropriately skilled people guided by well-designed, repeatable processes and effective use of relevant technologies that will enable you to conduct a thorough investigation and successfully eradicate adversaries who are deeply embedded in your environment. However, many organisations do not know their state of readiness to be able to respond to a cyber security incident in a fast, effective manner. One of the best ways to help determine this is to measure the level of maturity of your cyber security incident response capability in terms of: People, process, technology and information Preparedness, response and follow up activities This assessment tool provides a mechanism for carrying out an assessment of the level of maturity an organisation has for their cyber security incident response capability at a high level. It can be used to assess your state of readiness in being able to respond to a cyber security incident in a fast, effective and secure manner. Note: There is also a Detailed Maturity Assessment Tool available, which allows an assessment to be made to determine the level of maturity of your cyber security incident response capability in depth. Cyber Security Incident response process This tool provides a high-level assessment against a maturity model that is based on the 15 steps within the 3 phase Cyber Security Incident response process presented in the CREST Cyber Security Incident Response Guide, as shown in the diagram below. Instructions on how the tool works and how it can be used can be found on the Guidelines worksheet.

Acknowledgements CREST would like to extend its special thanks to those CREST member organisations and third parties who took part in interviews, participated in the workshop and completed questionnaires. Warning This Guide has been produced with care and to the best of our ability. However, CREST accepts no responsibility for any problems or incidents arising from its use. Credits This tool has been developed for CREST by CREST 2014

Cyber Security Incident Response High-level Maturity Assessment Tool Guidelines Maturity model To deal with a cyber security incident quickly and effectively you will need to build an appropriate cyber security incident response capability, the maturity of which can be assessed against an appropriate maturity model by using this assessment tool. The maturity model used in this tool is based on a traditional, proven model shown below. This model can be used to determine the level of maturity of an organisation cyber security incident response capability, ranging from 1 (least effective) to 5 (most effective). Different types of organisation will require different levels of maturity in cyber security incident response. For example, a small company operating in the retail business will not have the same requirement or ability to respond to cyber security incidents in the same way as a major corporate organisation in the finance sector or a government department. Consequently, the level of maturity your organisation has in cyber security incident response should be reviewed in context and compared to your actual requirements for such a capability. The maturity of your organisation can then be compared with other similar organisation to help determine if the level of maturity is appropriate. Note: The maturity of the cyber security incident response capability can play a significant role in determining the level of third-party involvement required during a breach investigation and eradication event. Organisations with mature cyber security incident response capabilities may conduct most of their operations in-house, while those who are less mature may depend entirely on third parties.

How to use the tool This tool allows an assessment to be made to determine the level of maturity of an organisations cyber security incident response capability at a high level. It is based on a simple selection of the level of maturity for each of the 15 steps. A weighting factor can be set to give the results for particular steps more importance than others. The selected levels of maturity are then displayed graphically for each of the three phases and overall. Calculations are based on a carefully designed algorithm that takes account of both the level of maturity selected for each step and the step's given weighting. Step 1 - Complete the details for the environment being assessed in the Profile and Scope worksheet using the text boxes and drop-down lists provided. The name entered for Name of Area of Assessment will automatically appear on the Results worksheet. Step 2 - On the Configuration worksheet use the checkboxes next to each step to deselect any steps not appropriate to the assessment. Then use the first column of drop-down lists to select the target level of maturity required for each step. Any steps you feel warrant greater importance can be given a higher weighting using the second column of drop-down lists. Evidence required to support responses can be entered in the Evidence column. Note: The weighting values set on the Configuration worksheet can be overriden on the Assessment worksheet. If you are configuring the tool for a respondent and do not want these weightings to be changed, use the Lock weighting and/or Hide weighting buttons as appropriate, and then hide the Configuration worksheet by right-clicking on the relevant tab at the bottom of this spreadsheet and choosing Hide. Step 3 - Carry out the assessment by selecting the appropriate level of maturity within the assessed environment for each step using the drop-down lists on the Assessment worksheet. Any additional comments can be entered in the Comments column. Step 4 - Review a summary of the results using the Results worksheet to gain a high level picture of the overall level of maturity for the environment assessed. Note: You may wish to consider conducting a more in-depth assessment of one or more elements of your cyber security incident response capability by using the Detailed Maturity Assessment Tool.

Cyber Security Incident Response High-level Maturity Assessment Tool Scope of assessment All fields marked * MUST be completed Name of area of assessment * Production control Business unit (or equivalent) * UK branches Organisation * Acme Mfg Ltd Sector * Scope of assessment * Key components

Respondent details All fields marked * MUST be completed Date of assessment * 2014-02-02 Name of respondent * John Smith Role or position * CISO Department * InfoSec Organisation * Acme Mfg Ltd Type of assessment * Internal External Qualifications of assessor - CREST * Certified Qualifications of assessor - other * CISSP

Configuration Phase 1 - Prepare Not selected Target maturity level Weighting Evidence required Step 1 - Conduct a criticality assessment for your organisation Step 2 - Carry out a cyber security threat analysis, supported by realistic scenarios and rehearsals Step 3 - Consider the implications of people, process and technology Step 4 - Create an appropriate control environment Step 5 - Review your state of readiness in cyber security response Phase 2 - Respond Step 1 - Identify cyber security incident Step 2 - Define objectives and investigate situation Step 3 - Take appropriate action Step 4 - Recover systems, data and connectivity

Phase 3 - Follow Up Step 1 - Investigate incident more thoroughly Step 2 - Report incident to relevant stakeholders Step 3 - Carry out a post incident investigation review Step 4 - Communicate and build on lessons learned Step 5 - Update key information, controls and processes Step 6 - Perform trend analysis

High-level assessment Statement Level of maturity Weighting Evidence Comments Phase 1 - Prepare Step 1 - Conduct a criticality assessment for your organisation Step 2 - Carry out a cyber security threat analysis, supported by realistic scenarios and rehearsals Step 3 - Consider the implications of people, process and technology Step 4 - Create an appropriate control environment Step 5 - Review your state of readiness in cyber security response Phase 2 - Respond Step 1 - Identify cyber security incident Step 2 - Define objectives and investigate situation Step 3 - Take appropriate action Step 4 - Recover systems, data and connectivity Phase 3 - Follow Up Step 1 - Investigate incident more thoroughly Step 2 - Report incident to relevant stakeholders Step 3 - Carry out a post incident investigation review Step 4 - Communicate and build on lessons learned Step 5 - Update key information, controls and processes Step 6 - Perform trend analysis

Aggregated maturity level results for Production control Cyber Security Incident Response Maturity level (1 to 5) Target maturity (1 to 5) CSIR - Overall 1.2 1.6 Phase 1 - Prepare 0.8 1.3 Step 1 - Criticality assessment 1 3 3.6 - Trend analysis 1.1 - Criticality assessment 5 1.2 - Threat analysis Step 2 - Threat analysis 2 3 Step 3 - People, Process, Technology and Information 1 4 3.5 - Updating 4 3 1.3 - People, Process, Technology and Information Step 4 - Control environment Step 5 - Maturity assessment 3 3 3.4 - Lessons learned 2 1 1.4 - Control environment Phase 2 - Respond 0.8 1.4 Step 1 - Identification 2 2 3.3 - Post incident review 0 1.5 - Maturity assessment Step 2 - Investigation 3 2 Step 3 - Action 1 3 3.2 - Reporting 2.1 - Identification Step 4 - Recovery 1 4 Phase 3 - Follow up 2.2 2.0 Step 1 - Incident investigation 2 2 3.1 - Incident investigation 2.4 - Recovery 2.3 - Action 2.2 - Investigation Step 2 - Reporting 2 2 Step 3 - Post incident review 3 2 Step 4 - Lessons learned 4 1 Step 5 - Updating 3 4 Step 6 - Trend analysis 4 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information