What is Cyber Security Incident Response?

Cyber Incident Response is the term used to describe actions undertaken when a computer network or system is compromised, or believed to be compromised. Cyber Security Incident Response (CSIR) organisations can evaluate the situation and undertake the most appropriate actions to allow recovery from, and prevent reoccurrence of, the incident.

Support and Guidance
CREST has produced guidance on procuring incident response services. It aims to improve the buying process for current and potential buyers of CSIR services, and to help the buying community meet the range of different requirements for responding to a cyber security incident, based on their type of organisation. Given the obscure nature of CSIR attacks, it can be difficult to know what questions to ask, and of whom, in order to identify professional, competent organisations that can help.

The Procurement Guide will help you prepare for, respond to and follow up cyber security incidents appropriately, and help you to select suitable third-party experts. You can download a copy here:
CREST Cyber Security Incident Response Procurement Guide

The CREST Cyber Security Monitoring and Logging Guide presents details about how to monitor and log cyber security events, some of which are potential indicators of compromise that can lead to cyber security incidents if not addressed quickly and effectively. It offers practical advice on how to manage logs efficiently, deal with suspicious events, use cyber security intelligence and address challenges. It is designed to enable you to prioritise and manage myriad event logs, build an effective cyber security monitoring process, and learn where and how you can get help. You can download a copy here:
CREST Cyber Security Monitoring and Logging Guide

Finally, CREST has developed a maturity model to enable assessment of the status of an organisation’s cyber security incident response capability. You can read more and download a copy of the tool here:
Cyber Security Incident Response Maturity Assessment