Prevention, Detection, and Recovery from Cyberattacks Part II


The second blog post in the series of Prevention, Detection, and Recovery from Cyberattacks.

The global survey, conducted by the Ponemon Institute and sponsored by IBM Security, asked 3,400 IT and IT security practitioners about their organizations' approach to becoming resilient to security threats.

The fifth annual Cyber Resilient Organization Report noted that the vast majority of organizations surveyed (74%) still report that their plans are either ad hoc, applied inconsistently, or nonexistent. Additionally, more than half (52%) of those with security response plans said they have never reviewed or tested those plans, or have no set time period for doing so.

With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many of the surveyed businesses are relying on outdated response plans that do not reflect the current threat and business landscape.

Below is a checklist of points that will help your organization perform a quick review of its incident response plans.

How does your organization perform periodic reviews of its incident response plans? Please post what you feel is the best approach in the comments.

Review if plans are comprehensive

A comprehensive plan needs to address the six stages listed below:

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned

Listed below are a few questions auditors can ask to conclude whether the plans are comprehensive:

  • Team – Is the team ready to handle any kind of threat? Has it been trained adequately, and does it perform simulation exercises such as tabletop exercises or war games?
  • Identification – Is there a process in place to detect an incident, identify its type and criticality, and analyze the impact and associated risks?
  • Containment – Is there a process in place to contain and limit the damage, mitigate the risk, resolve the attack, and resume business?
  • Eradication – Does the organization have a problem resolution team or third-party support to identify and eradicate the root cause?
  • Recovery and lessons learned – Does the organization have a process in place to analyze the incident after the fact and modify the plan to prevent future ones?
  • Communication – Communication is key when an attack is underway, so ensure that your response plan establishes a clear communication flow (who is notified, by whom, through which channel, and when).


Audits and reviews allow an organization to validate how effectively it complies with the incident management standards it has set for itself and to confirm that the plan stays within its stated risk appetite. Below are some standards for your ready reference, with the incident management controls each one specifies:

Standard – Incident Management Control Reference
NIST Cybersecurity Framework – PR.IP-9, PR.IP-10, DE.AE-4, DE.AE-5, DE.DP-4, RS.RP-1, RS.CO-1, RS.CO-2, RS.CO-3, RS.CO-4, RS.CO-5, RS.AN-1, RS.AN-2, RS.AN-3, RS.AN-4, RS.MI-1, RS.MI-2, RS.MI-3, RS.IM-1, RS.IM-2, RC.RP-1, RC.IM-1, RC.IM-2, RC.CO-1, RC.CO-2, RC.CO-3
FIPS Publications – All current FIPS Publications, especially FIPS 140-2
NIST SP 800-53 (Rev. 4) – IR-1 to IR-8
NIST SP 800 Series – NIST SP 800-61 (Computer Security Incident Handling Guide), NIST SP 800-86 (Guide to Integrating Forensic Techniques into Incident Response)
HIPAA / HITECH – HIPAA 45 CFR 164.308(a)(6)
NERC CIP (v5) – CIP-008-5
ISO/IEC 27001:2013 – Annex A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.4, A.16.1.5, A.16.1.6
CIS Critical Controls (v6.1) – CIS Control 19
PCI DSS – Requirements 12.10.2, 12.10.3, 12.10.4, 12.10.5, and 12.10.6

RELATED POST: Prevention, Detection, and Recovery from Cyberattacks Part I
