An Incident Response Test is designed to assess how well an organization’s Incident Response Team or technical IT staff respond to an attack against the company’s network, infrastructure and sensitive data. The IR Test is designed to evaluate the maturity of your organization’s incident response program across five domains using Carnegie Mellon’s Capability Maturity Model Integration, or CMMI. SecureState uses the CMMI as a framework for control evaluation to access current IR documentation, security controls and the effectiveness of those controls.
An Incident Response Test goes beyond traditional table-top exercises by evaluating real-time responses to live attacks against the client’s systems. SecureState will begin with a review of any applicable documentation, from ad-hoc incident handling procedures to defined incident response plans. Whether the assessment is held on-site at your company’s location or remotely, SecureState will interview your incident response and security personnel to determine what security controls are currently in place.
Then, when the simulated attack begins, SecureState will continue to interface with incident response personnel, review alerts and logs that are generated, and observe your company’s response procedures. This multi-phased approach allows SecureState to validate that incident response documentation and technical controls (i.e. alerting) are implemented properly and functioning as expected.