Incident Response Advisory

Reduce chaos with a quality incident response plan

Cyber-attacks are increasing and organizations are at risk, regardless of size or industry. While management teams are concerned, 63% are not confident in their ability to properly secure against attacks.

To address these threats, enterprises need a well-documented and well-rehearsed cyber Incident Response Plan (IRP). Studies show that having such a plan reduces incident recovery costs by nearly 10%. Various regulatory and compliance frameworks require an IRP, including PCI DSS, NIST CSF, ISO, FFIEC, and HITRUST.

Coalfire’s Incident Response Advisory services help organizations develop IR capabilities based on industry best practices, conduct tabletop exercises, and ensure that your IRP aligns with regulatory and  compliance requirements  while meeting executive management expectations.

Our approach is based on a series of strategic steps based on a NIST framework (NIST 800-61 Revision 2) “Incident Response Lifecycle” that stresses:

  • Preparation
  • Detection and analysis
  • Containment, eradication and recovery
  • Post-Incident activity

Our services can help you:

Determine the Key Elements of an IRP – Our advisors can help build the business case for an IRP, review your IRP to ensure it’s consistent with your current organizational goals, strategies, and objectives, and assess your Incident Response capabilities through testing so that you can be confident you’ve executed due care and reduced potential exposure. Once complete, you’ll have a clear understanding of security incidents, have the ability to calibrate response based on event classification and potential business impact.

Define Key Roles and Responsibilities – Assembling your team is key to ensuring your organization has the skills, resources, and capabilities in place to respond to an incident. This includes establishing an incident response team, and training them on response processes and procedures.  Establishing this team requires defining the key roles and associated responsibilities so that IR team members can adequately respond to incidents. We can help you define these key roles, business partners, service providers, and trusted advisors you count on to manage risk. We can also help identify third-party resources, such as law enforcement, outside counsel, and digital forensics service providers who can help you in your moment of need.

Test your IRP – Testing is critically important. You are not adequately prepared for an incident until you’re trained on how to handle them. We work with you and your team to ensure each component of your IRP is diligently tested and stakeholders understand their critical roles and responsibilities, so that your business can swiftly respond in the event of an incident.

Why use Coalfire for your Incident Response Plan

Since our founding in 2001, Coalfire has established itself as a pure-play, vendor-neutral cybersecurity advisory firm serving as a trusted advisor to executives, legal counsel, compliance managers and security practitioners across numerous industries.

Each Coalfire project is led by a credentialed, industry-savvy senior director and supported by consultants armed with the methodologies, proven proprietary frameworks, insights and know-how accumulated through service to over 1,400 clients annually. We’re skilled communicators who present our findings in business terms for truly actionable insights.

We also provide penetration testing services, a best practice strategy in which you’ll gain an independent view of what the acquisition target looks like to an attacker.



Case Studies