
Cyber incident response management

Cyber attacks continue to make headline news. As cyber attackers gain ground against organizations, institutions and individuals, the threat of becoming a victim of a data breach is now an imminent reality for all companies. The damage, both short-term and long-term, can be very substantial and, for some organizations, even existential.

The changing threat landscape

The cyber threat landscape is constantly changing, and new threats emerge on a daily basis. Today, threats come not only from outside the organization but also from within. They range from APTs (Advanced Persistent Threats) and amateur hackers penetrating organizations, often just for fun, to disgruntled employees and full-blown cyber armies. Organizations have to defend against every kind of attack, while an attacker needs to find just one flaw to penetrate an organization’s network and exploit the vulnerability.


Be prepared for and successfully respond to incidents at the first sign of intrusion

The speed at which you identify a breach, combat the spread of malware, prevent access to data, and remediate the threat will make a significant difference in controlling risk, costs, and exposure during an incident. Effective incident response processes can reduce the risk of future incidents occurring.

With an effective incident response plan, you will be able to detect incidents at an earlier stage and develop an effective defense against the attack.


Meet stringent new incident reporting requirements under the EU General Data Protection Regulation

Under the new EU General Data Protection Regulation (GDPR), due to be enforced in May 2018, your clients have a right to know when their data has been hacked. The GDPR specifies that companies and organizations will be required to notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.

Under the Regulation, organizations will need to implement an effective incident response plan to contain any damage in the event of a data breach and to prevent future incidents from occurring. Organizations with EU data subjects should start taking measures now in order to meet the stringent requirements of the Regulation.

Incident response planning is mandated as part of all major cyber security regimes

The international information security standard (ISO 27001) and business continuity standard (ISO 22301) require organizations to develop cyber incident response management (CIR) plans. CIR is also a requirement within the PCI DSS, and the Standard requires that it should be tested at least annually.

Typical phases in a cyber attack

CREST describes the following 3 basic phases of a cyber attack and recommended countermeasures:

1. Reconnaissance

  • Identify target
  • Look for vulnerabilities

Countermeasures:

  • Monitoring and logging
  • Situational awareness
  • Collaboration

2. Attack target

  • Exploit vulnerabilities
  • Defeat remaining controls

Countermeasures:

  • Architectural system design
  • Standard controls (e.g. ISO 27001)
  • Penetration testing

3. Achieve objectives

  • Disruption of systems
  • Extraction of data
  • Manipulation of information

Countermeasures:

  • Cybersecurity incident response planning
  • Business continuity and disaster recovery plans
  • Cybersecurity insurance

The top ten challenges in incident response management

Organizations can have significant difficulty in responding to cybersecurity incidents, particularly sophisticated cybersecurity attacks.

The top ten challenges organizations face in responding to a cybersecurity incident in a fast, effective, and consistent manner are:

  1. Identifying a suspected cybersecurity incident
  2. Establishing the objectives of an investigation and a clean-up operation
  3. Analysing all available information related to the potential cyber security incident
  4. Determining what has actually happened
  5. Identifying what systems, networks, and information (assets) have been compromised
  6. Determining what information has been disclosed to unauthorized parties, stolen, deleted, or corrupted
  7. Finding out who did it and why
  8. Working out how it happened
  9. Determining the potential business impact of the cyber security incident
  10. Conducting sufficient investigation using forensics to identify those responsible

Absence of appropriate skills and inadequate cyber-readiness can significantly increase the duration and cost of a cyber incident.

Few organizations really understand their "state of readiness" to respond to a cybersecurity incident, particularly a serious cybersecurity attack, and are typically not well prepared in terms of people, processes, technology, and information.

Organizations of all types are struggling to deal with cybersecurity incidents effectively, with a growing number of cybersecurity incidents now taking place on a regular basis and causing significant business impact.

The IT Governance Cybersecurity Incident Response consultancy service can help you develop the resilience to protect against, remediate, and recover from a wide range of cyber incidents and is based on best-practice frameworks developed by CREST, ISO 27001, and ISO/IEC 27035 (the international standard for cyber incident response).

Contact us now at 1 877 317 3454 or by email to discuss your needs with us.


Prepare, respond to and follow up on incidents

Utilising the CREST Cyber Incident Response approach and drawing from the ISO 27001 and ISO 27035 standards, IT Governance can assist you in defining and implementing an effective prepare, respond, and follow-up incident response approach, as defined below:


Prepare:

  1. Conduct a criticality assessment
  2. Carry out a cyber security threat analysis
  3. Consider the implications of people, process, technology and information
  4. Create an appropriate control framework
  5. Review your state of readiness in cybersecurity incident response

Respond:

  1. Identify cybersecurity incident/s
  2. Define objectives and investigate the situation
  3. Take appropriate action
  4. Recover systems, data, and connectivity

Follow up:

  1. Investigate incident more thoroughly
  2. Report incident to relevant stakeholders
  3. Carry out a post incident review
  4. Communicate and build on lessons learned
  5. Update key information, controls, and processes
  6. Perform trend analysis

How IT Governance can help

Get started with your incident response planning strategy today with support from IT Governance’s CIR team.

Receive access to an experienced, dedicated technical team who are able to carry out sophisticated cybersecurity incident investigations quickly and effectively.

Identify, detect, and contain incidents faster, mitigate the impact of an incident, and restore services in a trusted manner.

You can never stop the inevitable from happening, but you CAN prepare an effective response plan and do all you can to minimise the impact of a breach when it does happen.

Contact IT Governance today on 1 877 317 3454 or email to find out more.