Peer to Peer Magazine

Fall 2017

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/900970


BEST PRACTICES

Ready for Anything: Wisely Choosing an Incident Response Team

by Neal McCarthy

The media coverage of law firm data breaches and the FBI warning of a cybercrime insider trading scheme targeting international law firms should hammer home this point: Your law firm needs incident response (IR) capability.

Due to the dearth of qualified IR experts and the cost of hiring a full-time IR team, it is often necessary to outsource IR. But with so many security professionals and security companies claiming to be experts, how do you know which company should handle your IR needs? To decide on a provider, ask what services the IR team offers, how much experience it has, and how well it can perform incident response.

The IR Search Begins

IR encompasses a broad set of capabilities, including digital forensics, malware analysis, data and log analysis, legal counsel, the preservation of your brand, contractual reporting, containment, evidence collection, government and compliance requirements, remediation strategies and working with law enforcement. A good team should be able to help you with all of those.

When searching for the right IR team, you need to know what specific IR services it provides and what additional services and resources it offers to assist in IR. Does the organization have a threat intelligence program it uses to inform and assist in IR? Does the organization consult with its clients on other aspects of information security, such as best practices, security architecture and other managed security services (MSS)? Those consultations, and possibly the services themselves, will be needed to help protect you from future breaches.

Delving Deeper

When interviewing prospective companies, get at least three references that can attest to each company's abilities. Ask prospective providers what other security services they offer that protect your network and provide a timely response. Companies that monitor thousands of networks and endpoints around the world to augment their threat intelligence can leverage their data to better protect customers and better respond to attacks.

If you accept credit cards and your card data has been compromised, one of the payment card industry (PCI) companies might require you to have an independent forensic investigation completed by a PCI-listed Payment Card Forensic Investigator (PFI). The payment brands all have their own rules and thresholds for when a PFI must be engaged. During your selection process, find out if the company is a PFI.

Ask candidates if they offer IR planning and training. They should be able to review and become fully integrated into your Cyber Incident Response Plan (CIRP), and be able to help you conduct table-top exercises to quicken your breach response time.

You should also find out what industry certifications the IR provider has. Some of the top IR certifications come from SANS, GIAC and the INFOSEC Institute.

Ready for a Response

Handling a breach could take weeks or months. The best time to choose an IR team is long before you need it, so it can know your environment and be ready to serve you. Whichever IR provider you choose to work with, you will likely need approval from your cyber insurance carrier to be reimbursed for resources that are not already provided in your cyber insurance policy.

SecureWorks (NASDAQ: SCWX) is an information security services company that holds the highest ratings from industry analysts.

NEAL MCCARTHY
Senior Cybersecurity Incident Response Consultant

Over his 20+ year IT career, Neal McCarthy has held a wide range of roles within IT, including systems programming, IT consulting, technical management and IT sales. He recently retired after 30+ years as a Marine Corps reservist, obtaining the rank of Lieutenant Colonel. He is on the Board of Directors of the San Francisco Bay Area / Silicon Valley chapter of the FBI's InfraGard program.
