The Human Side of Incident Response
Anyone who has heard me (Jennifer Lyn Walker) speak (on the Cyber Threat Briefing, at a conference, or on a podcast) knows that I like to focus on the human side of cybersecurity. Therefore, it should come as no surprise that this post – Tackle the Human Side of Incident Response with SOAR and Threat Intelligence – by Flashpoint resonates with me.
Indicators of Compromise (IoCs) are provisional, but humans are predictable. Flashpoint discusses the importance of thinking like an attacker – the people behind every cyber threat – to understand their next move, including the IoCs they may use. Thinking like an attacker will help improve your incident response by homing in on human behaviors to better understand:
- Motives to unearth why and what attackers are after.
- Tendencies to identify which exploits and attack methods they’ll use.
- Targets to assess your value at risk (VaR).
While you may not have the resources to develop a comprehensive profile on each adversary, there is value in understanding the importance of this exercise, and therefore in leveraging information and intelligence from those who do. For a deeper dive, check out Flashpoint’s Human Side of Incident Response presentation at SocStock2020 today (December 3, 2020) at 4:30 PM EST. For a topical overview, visit the blog post at Flashpoint.
A Breakdown of Canada’s OT and IT Cyber Incident Response Plan (CIRP)
Since cyber incident response planning is so crucial, we have another exercise to help bolster your plans. Given that IRPs are not a one-and-done initiative and must be regularly reviewed – at the very least after an incident or exercise – there is utility in referencing plans that others have developed. Verve Industrial has done just that with Canada’s OT and IT Cyber Incident Response Plan (CIRP). CIRP is a collaborative guide between Public Safety Canada (PSC) and several industry partners/agencies and is a great foundation for future work. However, according to Verve, it provides flexibility and speed for some, while for others it is not prescriptive enough. So dive in with Verve for some critical thinking on incident response planning. Access the CIRP breakdown at Verve Industrial.