PHASE 3. DETECT, RESPOND, RECOVER:

Incident Response & Remediation  

Trust, Verify, and Validate detection of persistent and evolving cybersecurity threats


Action

Leverage industry frameworks to understand the organization’s strategic profile including business objectives, policies and procedures, and security architecture to develop a Security Program Plan. The Security Program Plan will provide a foundation for organization governance, data protection, risk management, identity and access management, incident response, protective technologies, and security training. 

Objective

Ensure the confidentiality, integrity, and availability of organization resources and communications by making the organization resilient to evolving cybersecurity risks by communicating organizational intelligence based on threats and business risks to effectively secure information assets and develop optimal business performance. 


pg_03-03.jpg

1 / Discovery

Understand organization risk profile through documentation reviews, evaluation of policies and procedures, and analysis of business objectives.

2 / Coordination

Establish an Integrated Project Team (IPT) to  meet and maintain requirements defined by industry regulations

3 / Recommendations

Provide a Security Program Plan that bridges the gap between vulnerabilities and mitigation strategies to establish a strategic approach to organization security