Tesserent partnered with this Financial Institution to develop their Incident Response Plan

The client was implementing a number of key programmes of work which included projects and initiatives that formed part of its current IT infrastructure, security and risk roadmap, and cybersecurity strategy.

Given the heightened awareness of increasing security breaches and ransomware attacks occurring in the market, the company recognised the importance of having an end-to-end incident response process in place.

The client required a security specialist to develop an Incident Response Plan and to perform an Incident Process Assurance assessment to identify the critical dependencies and to assist in building a suitable assurance regime. The strategic objective was to enable the company to quickly socialise and operationalise an Incident Response process which would:

• manage and prioritise minor incidents,
• enable the company to manage a major cyber incident.

The Tesserent Way

The Cybersecurity Incident Response Management approach included:

• Developing a project plan documenting the specific protocols for all aspects of the assignment such as milestones, target delivery dates for each phase, communication, reporting and areas of special emphasis,
• Review of the artefacts and any operational records that related to the design and operation of the existing response plan,
• An independent review of the existing associated policies and procedures, including the client’s Incident Response Triage and Prioritisation Process – covering but not limited to, the following:
• Impact analysis
• Incident handler declarations
• Incident response roles and responsibilities
• Records and evidence preservation
• War room setup
• Cadence of process
• Appropriate cybersecurity planning/severities

• Meeting with key staff and service providers (if applicable) identified as having a role to play in the Incident Response plan
• Drafting the Incident Response Plan for client review and feedback
• Completion of the Incident Response Plan – aligned with industry recognized frameworks,
• Presentation to stakeholders and project hand-over.

Outcome

The Incident Response Plan has delivered the following benefits:

• Facilitating awareness, understanding and buy-in of the Incident Response Plan through engagement with key staff and stakeholders to obtain input and feedback on plan drafts
• Presentation of a readily adoptable and usable Incident Response Plan and associated documents
• The details of the Incident Response Plan will inform the subsequent Incident Response Playbook development and Incident Process Assurance engagements.

In addition, Tesserent is engaged with the client to develop the associated Incident Response Playbooks, based on identified scenarios, along with Incident Process Assurance – to ensure controls aren’t disabled / degraded maliciously. This will be followed by an Incident Response Exercise – to ensure understanding of staff by and service providers (as applicable), identified as having a role to play in the Incident Response Plan