Incident Response Management

Our experienced consultants will partner with your team to plan your response to a cyber incident in New Zealand.

How we can assist:

Tesserent's Incident Response Planning and Testing Services in New Zealand are designed to assist you to critically plan and prepare your response to a significant cyber intrusion, or other incident, affecting key information and Information Technology Systems.

Our cybersecurity services provide experienced support from a team of senior security management resources working with your Information Technology and Senior Management Teams to provide advice on the planning, preparedness, testing and associated processes. From this you will understand the current and future capacity of your organisation to Prepare, Detect, Contain, Eradicate and Recover in the event of a significant cyber incident.

The key elements of the service offering include:

  • Incident Response Assessment
  • Incident Response Planning and Design
    • Incident Response Escalation Plan
    • Incident Response Playbooks
  • Incident Response Testing
    • Tabletop Testing (Gold Teaming: Playing out a scenario to test your wider team’s incident response skills)
    • Hybrid Testing
  • First Responder Training

We start by listening.


Is getting hacked inevitable?

Michael McKinnon, explores the questions: Is getting hacked inevitable? How do you develop an effective response strategy? What common mistakes are made in the heat of the moment when responding to an incident? Where do you start in developing an incident response strategy?

Q&A Video Series

Incident Response Planning and Recovery

Industry experts and practitioners including Mark Smink, CISO JLL and Georg Thomas, CISO Corrs Chambers Westgarth join our panel to discuss best practice Incident Response in New Zealand.

Click here to explore the full video series.

Incident Response Management

Frequently Asked Questions

What is Incident Response Management (IRM) in cybersecurity?

Incident Response Management (IRM) is a systematic approach to handling cybersecurity incidents in an organisation. It involves detecting, containing, analysing, and recovering from security incidents to minimise their impact on the organisation.

What are the common phases of an Incident Response Management (IRM) process?

The common phases of an Incident Response Management (IRM) process are:

  1. Preparation and planning

  2. Detection and analysis

  3. Containment, eradication, and recovery

  4. Post-incident analysis and review.

What are the benefits of Incident Response Management (IRM)?

The benefits of Incident Response Management (IRM) include:

  1. Minimising damage to the organisation's assets and reputation.

  2. Reducing downtime and loss of productivity.

  3. Improving the organisation's ability to respond to future incidents.

  4. Meeting regulatory compliance requirements.

  5. Strengthening the organisation's overall cybersecurity posture.

What are the common challenges faced during the Incident Response Management (IRM) process?

The common challenges faced during the Incident Response Management (IRM) process include:

Lack of preparedness and planning.

Difficulty in detecting and analysing incidents.

Complexity in containing and eradicating incidents.

Lack of resources and expertise.

Limited visibility and communication between teams.

What are the best practices for Incident Response Management (IRM)?

The best practices for Incident Response Management (IRM) include:

  1. Establishing a formal incident response plan.

  2. Training staff on the plan and procedures.

  3. Conducting regular exercises to test the plan and identify areas for improvement.

  4. Documenting and analysing incidents to identify trends and improve response capabilities.

  5. Collaborating with other organisations and sharing threat intelligence to improve incident response.

How can an organisation measure the effectiveness of its Incident Response Management (IRM) process?

An organisation can measure the effectiveness of its Incident Response Management (IRM) process by:

  1. Monitoring key performance indicators (KPIs) such as time to detect, contain, and recover from incidents.

  2. Conducting post-incident reviews to identify areas for improvement.

  3. Comparing its performance with industry benchmarks.

  4. Conducting regular assessments of its incident response capabilities.

What is the role of a Computer Security Incident Response Team (CSIRT) in Incident Response Management (IRM)?

The role of a Computer Security Incident Response Team (CSIRT) is to manage and coordinate the organisation's response to security incidents. The CSIRT is responsible for detecting, analysing, containing, eradicating, and recovering from incidents. They also work to improve the organisation's overall incident response capabilities by developing and maintaining incident response plans, conducting training and exercises, and sharing threat intelligence.

Contact us

Speak with a Tesserent
Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.

Let's Talk
Tess head 8 min