A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks

President Joe Biden's Executive Order on Improving the Nation's Cybersecurity tasked the U.S. Cybersecurity and Infrastructure Security Agency (CISA) with developing a standard set of operational procedures for the Federal Civilian Executive Branch (FCEB) to use when responding to incidents and vulnerabilities. CISA recently released the Cybersecurity Incident & Vulnerability Response Playbooks as a single document. While this guidance is intended for FCEB agencies, it may be applicable to other entities as well.

What follows is an analysis of that guidance from the perspective of a security practitioner.

Cybersecurity Incident Response Playbook: The good

The Incident Response Playbook builds on the widely used NIST SP 800-61 r2 Computer Security Incident Handling Guide, which countless organizations reference when building incident response (IR) capabilities and carrying out IR activities. The playbook follows the standard IR phases:

Preparation

Detection and analysis

Containment

Eradication and recovery

Post-incident activity

Coordination

The guidance provides comprehensive details for each IR phase, so FCEB agencies and other organizations leveraging the playbooks can take actionable steps to improve their IR processes.