Select regional store:

Cyber incident response management

Cyber attacks continue to make headline news. As cyber attackers gain ground against organisations, institutions and individuals, the threat of becoming a victim of a data breach is now an imminent reality for all companies. The damage, both short-term and long-term, can be very substantial and, for some organisations - even existential.


The changing threat landscape

The cyber threat landscape is constantly changing and new threats are emerging on a daily basis. Today, threats are not only coming from outside the organisation but can also come from within. Threats can range from APT’s (Advanced Persistent Threats), amateur hackers penetrating organisations often just for fun, to disgruntled employees and full blown cyber armies. Organisations have to defend against every kind of attack, while an attacker just needs to find one flaw to penetrate an organisation’s network and exploit the vulnerability.


Be prepared for and successfully respond to incidents at the first sign of intrusion

The speed at which you identify a breach, combat the spread of malware, prevent access to data, and remediate the threat will make a significant difference in controlling risk, costs, and exposure during an incident. Effective incident response processes can reduce the risk of future incidents occurring.

With an effective incident response plan, you will be able to detect incidents at an earlier stage and develop an effective defence against the attack.


Meet stringent new incident reporting requirements under the EU General Data Protection Regulation

Your clients have a right to know when their data has been hacked under the new EU General Data Protection Regulation, due to be enforced in May 2018. The GDPR specifies that companies and organisations will be required to notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.

Under the Regulation, organisations will need to implement an effective incident response plan to contain any damage in the event of a data breach, and to prevent future incidents from occurring. Organisations with EU data subjects should start taking measures now in order to meet the stringent requirements of the Regulation.

Incident response planning is mandated as part of all major cyber security regimes

The international information security standard (ISO 27001) and business continuity standard (ISO 22301) require organisations to develop cyber incident response management (CIR) plans. CIR is also a requirement within the PCI DSS, and the Standard requires that it should be tested at least annually.

UK Government departments, too, have a responsibility to report cyber incidents under the terms laid out in the SPF, issued by Cabinet Office, effectively mandating a CIR for such organisations as well.

Typical phases in a cyber attack

CREST describes the following 3 basic phases of a cyber attack and recommended countermeasures:

1. Reconnaissance

  • Identify target
  • Look for vulnerabilities


  • Monitoring and logging
  • Situational awareness
  • Collaboration

2. Attack target

  • Exploit vulnerabilities
  • Defeat remaining controls


  • Architectural system design
  • Standard controls (i.e. ISO 27001)
  • Penetration testing

3. Achieve objectives

  • Disruption of systems
  • Extraction of data
  • Manipulation of information


  • Cyber security incident response planning
  • Business continuity and disaster recovery plans
  • Cyber security insurance

The top ten challenges in incident response management

Organisations can have significant difficulty in responding to cyber security incidents, particularly sophisticated cyber security attacks.

The top ten challenges organisations face in responding to a cyber security incident in a fast, effective and consistent manner are:

  1. Identifying a suspected cyber security incident;
  2. Establishing the objectives of an investigation and a clean-up operation;
  3. Analysing all available information related to the potential cyber security incident;
  4. Determining what has actually happened;
  5. Identifying what systems, networks and information (assets) have been compromised;
  6. Determining what information has been disclosed to unauthorised parties, stolen, deleted or corrupted;
  7. Finding out who did it and why;
  8. Working out how it happened;
  9. Determining the potential business impact of the cyber security incident;
  10. Conducting sufficient investigation using forensics to identify those responsible.

Absence of appropriate skills and inadequate cyber-readiness can significantly increase the duration and cost of a cyber incident.

Few organisations really understand their ‘state of readiness’ to respond to a cyber security incident, particularly a serious cyber security attack, and are typically not well prepared in terms of people, processes, technology and information.

Organisations of all types are struggling to deal with cyber security incidents effectively, with a growing number of cyber security incidents now taking place on a regular basis and causing significant business impact.

The IT Governance Cyber Security Incident Response consultancy service can help you develop the resilience to protect against, remediate and recover from a wide range of cyber incidents and is based on best-practice frameworks developed by CREST, ISO 27001 and ISO/IEC 27035 (the international standard for cyber incident response).

Contact us now on +44 (0) 845 070 1750 or email us at to discuss your needs with us.


Prepare, respond to and follow up on incidents

Utilising the CREST Cyber Incident response approach and drawing from ISO 27001 and ISO 27035 standards. IT governance can assist you in defining and implementing an effective prepare, respond, and follow up incident response approach as defined below:


  1. Conduct a criticality assessment;
  2. Carry out a cyber security threat analysis;
  3. Consider the implications of people, process, technology and information;
  4. Create an appropriate control framework;
  5. Review your state of readiness in cyber security incident response.


  1. Identify cyber security incident/s;
  2. Define objectives and investigate the situation;
  3. Take appropriate action;
  4. Recover systems, data and connectivity.

Follow up:

  1. Investigate incident more thoroughly;
  2. Report incident to relevant stakeholders;
  3. Carry out a post incident review;
  4. Communicate and build on lessons learned;
  5. Update key information, controls and processes;
  6. Perform trend analysis.

How IT Governance can help

Get started with your incident response planning strategy today with support from IT Governance’s CIR team.

Receive access to an experienced, dedicated technical team who are able to carry out sophisticated cyber security incident investigations quickly and effectively.

Identify, detect and contain incidents faster, mitigate the impact of an incident, and restore services in a trusted manner.

You are never going to eliminate the inevitable from happening but you CAN prepare an effective response plan and do all you can to minimise the impact of a breach when it does happen.

Contact IT Governance today on +44 (0) 845 070 1750 or email to find out more.

This website uses cookies. View our cookie policy