Incident Response Self-Assessment

Incidents Happen: How Prepared Is Your Organization?

Threats, and the Incident Response (IR) practices that counter them, change constantly. To stay on top of this, and of security in general, you need to understand the risk and be ready to act when the threat becomes a reality. Doing so is a huge challenge, but the lack of an IR program presents a greater challenge in the long run and puts your organization at risk. Organizations that lack the resources to respond to a security incident should consider engaging a third party to manage their IR program.

If you need more convincing, here are some industry statistics to consider.

– Roughly 65% of security professionals believe their organizations will come under attack from a major security breach, while 77% are anticipating a breach to US critical infrastructure within the next two years (Black Hat 2019). 

– A majority of security professionals believe that the government and private sector are ill-equipped (lack of staffing or budget) to respond to incidents (Black Hat 2019).

– About 22% of respondents have temporary or no incident response resources in place (BAE Systems 2019).

– 23% of IR teams do not perform any readiness exercises with upper management (BAE Systems 2019).

– BitSight reported that 41% of survey respondents would refuse business or terminate existing business relationships due to poor cybersecurity practices (BitSight 2019). 

Verizon’s 2020 Data Breach Investigations Report details the following: 

  • 8% of breaches were Misuse by authorized users. 
  • 70% of breaches were by External actors. 
  • 43% of breaches involved Web Applications. 
  • 86% of breaches were financially motivated. 
  • 28% of breaches involved small business victims. 

Incident Response Effectiveness is the SUM of successfully executing all the Incident Response phases. The preparation phase is key to ensuring your organization’s ability to carry out the remaining phases of its IR capabilities.

This poses the question… “How prepared is your organization to respond to a security incident?” 

Incident Response Self-Assessment Questionnaire 

To assist you with answering this question, we created an Incident Response Self-Assessment. This will help you determine the effectiveness of your current IR strategy and where you have room for improvement.  

Instructions: 

  1. Answer each question either Yes or No.
  2. If you answered YES, give yourself the points for that question. Using the first question as an example, if your organization is in the process of developing an IR plan, you might give yourself 2 out of 15 points. If you have a plan but it is not very sophisticated, you might give yourself 6 out of 15 points.
  3. Add up all your points and compare the total with the scores below the survey.

Questions

15 points — Has your organization developed and documented an Incident Response Policy and Plan?
10 points — Does your organization test its Incident Response plan and make improvements? 
5 points — Does your organization define and prioritize incidents? 
5 points — Does your organization coordinate IR activities with other key stakeholders such as Legal, HR, Public Relations/Marketing, C-Suite, IT departments (Networking, DBAs, SAs, Engineering), Employees, and External Stakeholders?
10 points — Does your organization have a Computer Security Incident Response Team (CSIRT)?
15 points — Does your organization maintain logs for all network, IDS, IPS, and endpoint devices?
10 points — Does your organization perform assessments to identify risk factors and evaluate the risk associated with those threats?
10 points — Does your organization perform regular system and user level backups?
5 points — Does your organization have an Incident Reporting capability for end users? (dedicated Incident Reporting Hotline, Incident Ticket)
15 points — Does your organization provide Security Awareness Training to include identification of suspicious activity?

= Total out of 100 points

Final Score: 

80-100 points – Effective 

  • Your organization has the minimum requirements for incident response preparedness.  

60-79 points – Moderately (somewhat) Effective

  • Your organization barely has what is needed to respond to an incident. Your organization is missing critical components of an Incident Response Strategy and may incur higher costs and loss of data due to an incident.

Less than 60 points – Ineffective (not effective) 

  • Your organization’s IR capability is severely deteriorated. This increases the likelihood of an incident that will result in higher costs to restore business operations, major impact to confidentiality and integrity of data and systems, and serious damage to your organization’s reputation.

Next steps for your Incident Response Strategy: 

Based on your survey score, you should now have a better idea of how prepared your organization is to respond to a security incident. Your organization’s ability to effectively respond after a breach is strengthened by the implementation of an IR Team and Incident Response Plan. IBM found that the combination of an Incident Response Team and Incident Response plan testing lowered the total cost of a data breach by at least $360,000 (IBM 2019).

If you need help strengthening your IR strategy, you don’t have to go it alone. MindPoint Group offers a variety of services and solutions to strengthen cybersecurity posture. Contact us to learn more: 

Additional Resources: 

Cybersecurity Transformation 

Governance, Risk, and Compliance

Security Operations 

Security Automation 

Sources: 

Bilal Khan