RS.AN-03.322

Does your incident response process include identification and analysis of vulnerabilities, threats, and threat actors involved in security incidents?

Explanation

This question assesses whether your organization systematically identifies the root causes and contributing factors of security incidents, including technical vulnerabilities exploited, threat types, and potential threat actors. A comprehensive incident analysis helps prevent similar incidents in the future by addressing specific weaknesses and understanding attack patterns and motivations. Evidence could include incident response documentation templates with dedicated sections for vulnerability, threat, and threat actor analysis; completed incident reports showing this analysis; or a formal incident response procedure document that explicitly includes these analysis requirements as mandatory steps.

Implementation Example

Attempt to determine what vulnerabilities, threats, and threat actors were directly or indirectly involved in the incident.

ID: RS.AN-03.322

Context

Function
RS: RESPOND
Category
RS.AN: Incident Analysis
Sub-Category
Analysis is performed to establish what has taken place during an incident and the root cause of the incident

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub