The Incident Response Episode
Transcript
- KirkpatrickPrice's position is that audits are hard, so if one is going to be done, it should be worthwhile.
- They have issued over 20,000 reports to 2,000 clients worldwide.
- A software alert helped locate a lost laptop belonging to a former employee, revealing a gap in the equipment-return process.
- The podcast episode features host Allie Krings interviewing special guest Cherry Kent, an Information Security Auditor at KirkpatrickPrice.
- Cherry Kent is an avid marathon runner, having completed 50 marathons, including 17 Boston Marathons, starting in her late 30s.
- Professionally, Cherry Kent worked at a hospital for 32 years, moving from programmer (using COBOL and RPG III) to network manager, then disaster recovery manager, and finally IT Security Officer for about 10 years.
- She joined KirkpatrickPrice in 2020 after Joseph Kirkpatrick contacted her on LinkedIn.
- The discussion includes Cherry’s experiences as a woman in cybersecurity, humorously noting the shorter women’s bathroom lines at RSA conferences.
- KirkpatrickPrice values experience, hiring knowledgeable individuals including women and older professionals.
- Incident response is defined as preparing for and managing IT system impacts like downtime, data breaches, or theft; every company will face an incident eventually.
- Cherry Kent shares a difficult incident from 2009 in which a virus introduced via an employee's laptop spread across systems because of unpatched software and inconsistent antivirus coverage; it took nearly a year to fully resolve.
- Common security incidents include theft (mitigated by encryption and police reports) and risks from terminated employees (requiring immediate access revocation and equipment retrieval).
- Key advice for creating an incident response program is to start immediately, adapt existing templates, conduct regular team meetings and brainstorming sessions, and train employees.
Notes
Cherry Kent’s background
Cherry Kent | LinkedIn
Incident Response Resources
Incident Response | KirkpatrickPrice
Find a Forensics Response Provider
24×7 Cyber Incident Response Services | Cyber Risk | Kroll
Incident Response (IR) Cybersecurity Services | CrowdStrike
Mandiant Incident Response Services | Google Cloud
SOC 2 Trust Services Criteria
SOC 2 CC7.2
The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity’s ability to meet its objectives; anomalies are analyzed to determine whether they represent security events.
SOC 2 CC7.3
The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures.
SOC 2 CC7.4
The entity responds to identified security incidents by executing a defined incident response program to understand, contain, remediate, and communicate security incidents, as appropriate.
SOC 2 CC7.5
The entity identifies, develops, and implements activities to recover from identified security incidents.
HIPAA Audit Protocol
• 164.308(a)(6)(i)
Security Incident Procedures
Implement policies and procedures to address security incidents.
Does the entity have policies and procedures in place to address security incidents?
Obtain and review the policies and procedures related to security incidents
Elements to review may include but are not limited to:
• Identification of what specific event would be considered a security incident
• Identification of workforce members’ role and responsibilities regarding security incidents
• Management involvement regarding security incidents
• Workforce members or roles to which the incident response policies and procedures are to be disseminated
• Coordination of security incidents among business associates
• Identifies what steps should be taken in response to a security incident
• The frequency to review and update current security incident policies and procedures
Obtain and review documentation demonstrating that security incident policies and procedures are implemented. Evaluate and determine whether policies and procedures are appropriate for addressing security incidents and are in accordance with related policies and procedures.
Incident Response Playbooks
Incident response playbooks | Microsoft Learn
Cybersecurity Incident & Vulnerability Response Playbooks
NIST Incident Response Recommendations and Considerations for Cybersecurity Risk Management
AWS Security Incident Response User Guide