Cyber Security Incident Response Procurement Guide
Cyber Security Incidents have not only become more numerous and diverse, but also more damaging and disruptive with new types of cyber security attacks emerging regularly.
CREST commissioned a research project into cyber security incident response (CSIR) with the aim of producing a Procurement Guide and a Supplier Selection Guide for CSIR services. The objective was to help improve the buying process for current and potential buyers of CSIR services and to help the buying community meet the range of different requirements for responding to a cyber security incident, based on their type of organisation.
Given the obscure nature of CSIR attacks, it can be difficult know what questions to ask and of whom in order to identify professional, competent organisations that can help. The Procurement Guide will help you prepare for, respond to and follow up cyber security incidents appropriately and help you to select suitable third party experts. In summary, the Guide helps to:
- Define what cyber security is and isn’t;
- Compare the different types of attack;
- Analyse the anatomy of a cyber security attack;
- Summarise the main challenges in responding to cyber security incidents;
- Show how organisations can take a structured approach to CSIR;
- Outline how organisations can determine their own state of risk, capability and readiness;
- Explain how employing expert professional suppliers of CSIR services can enable faster and more effective responses;
- Highlight what to look out for when selecting a supplier and what questions to ask internally;
- Demonstrate how to implement the good practice.
An Introduction to effective Cyber Security Incident Response is available here or you can click on the image to download the complete Guide.