Enterpise Security Services

Incident Response Test Training and Exercise

Read on to discover why, how, and how often you should test your organization’s resiliency and response plans.

Essentials

In order to test the current security program, SecureState simulates an attacker attempting to gain remote or local access to the business networks, and exploits weaknesses to obtain as much access to sensitive information as possible. These assessments ascertain if an attacker focused their efforts on the business networks, the level of exposure, and/or unauthorized access that may be obtained; as well as testing the Incident Response capabilities of the corporation. The exercises simulate real-world incidents that may affect data and resources, and will be performed concurrently to ensure the IRP is properly implemented, tested, and follows approved policies.

Benefits

Security exposures and threats often go unnoticed within current security programs. Conducting IR test training and exercise activities will help eliminate that issue.

Expertise

Using an outside firm to perform education and training will provide an objective and knowledgeable perspective which is unique to SecureState. During this engagement, SecureState will provide structured training as well as evaluate the effectiveness of the organization’s internal knowledge. Additionally, SecureState will provide recommendations for potential improvements for the response, handling, and implementation of the Security Program.

Members of the Readiness and Response Team have developed plans, created metrics, and developed capabilities built specifically using NIMS, NIST, CERT, FCD-1, and HSEEP standards for designated high-criticality assets and mission essential functions. SecureState’s Readiness and Response Team has planned and invoked responses to the full spectrum of threat and hazard events, including enterprise-wide malware response, proprietary information theft, inclement weather events and terrorist disruption; as well as activating EOCs, and mobilizing first response forces and support personnel.

Did You Know?

Common Misconception: Testing resiliency and response plans are too difficult to measure effectiveness, and will not provide a ROI for the effort involved.
Reality: Testing, training, and exercises continually show the shortcomings, yet necessity, of integrating resiliency services and resources, managing the facilitation processes, and maturing the impact plans and procedures within the business.
Frequency: Testing an organization’s resiliency and response plans, as well as the organization’s resources and communications should occur at least annually.

Our Approach and Methodology

SecureState’s Assessment provides multiple approaches to assessing the control points, architecture, personnel, and methodologies referenced within the security program; in order to determine the overall state of response and prioritization of security within the corporate architecture.

This Test Training and Exercise will specifically examine the following:

Structure of the existing Security Team, including defined roles and responsibilities, as well as procedures
Current logging, auditing, and monitoring inputs that drive the Security Program
Incident definition and classification
Escalation procedures both internally and externally
Previous tabletop or mock exercise documentation
Confidentiality, integrity, and availability of information
Protection of sensitive information
Ability to maintain processing during and following an emergency
Management and employee accountability for computing resources
Maturing the response and security program: The primary outcome of every test and exercise is to determine a current state of the organization’s Security Program. The output of this response will outline the structure of the Security Program and define best practice objectives that should be met to ensure the company clearly understands and responds to information security incidents and threats.

The specific syllabus will be a collaborative effort between SecureState and the organization; and generally includes the following elements:

Scripting, Regular expressions
Custom packet creations
Configuring, deploying and monitoring IDS and inline IPS
Creating custom signatures
Deploying and customizing malware detection
Incident response

What Makes Us Different

SecureState:

Concurrently assesses the impact and risk controls
Combines data forensics, hacker, and risk perspectives
Provides an integrated response to determine how, when, why, and where a compromise or incident occurred
Employ testing and evaluation team members who are actively engaged in and manage relationships with DHS, FEMA, and state and local responders, as well as law enforcement
Employ professionals who have served in advisory and designed roles in the creation of MOUs and resiliency plans for the USAF and USMC.

Related Services

Downloads

We Can Help You

Generate New Image

Enter the code from above.