Check out our previous blog on “What is a CIRP” if you missed it.
Evolve North have delivered CIRP (Cyber Incident Response Planning) projects into both public and private sectors. Regardless of the organisation size or regulatory requirements, some observations appear in almost all projects. This is not an exhaustive list, but it provides a good indication of common challenges that need to be considered as part of a CIRP build.
- The CIRP – the CIRP does not belong to IT or Data Protection; they form a key part of it.
- CIRP Team – if the CIRP team does not have suitable representation, including senior management support, it will struggle to respond effectively to a cyber incident.
- This is a Project – the creation of a CIRP should be managed as a small project. Involving stakeholders in seeking qualification and clarification of the business processes involved is critical.
- A CIRP is not a defence document – the CIRP is a living procedure and is designed to provide a practical response.
- Business Continuity/Disaster Recovery Plan – the BCP/DR Plan will support the CIRP depending on the Cyber Incident type, and they need to be cross-referenced with the CIRP.
- Communications – communication is often the only tool within the CIRP that an organisation has during many incidents.
- Tabletop Exercise – the effectiveness of a CIRP should be established with some form of tabletop testing. Testing the CIRP establishes whether it is fit for purpose and allows the CIRP team to practise its response.
There is little doubt that a CIRP will assist an organisation that has suffered a Cyber Incident. Taking control of the incident is critical in the management of the technical, procedural and communication response. Having a CIRP team with a clear understanding of its roles and responsibilities ensures an effective response.