Pub. 18 2023-2024 Issue 5

steps in the incident response plan are not in place. If you decide to create your own incident response playbook, it is important to note that it should be included within your IRP. Why is an Incident Response Playbook Important? Creating an incident response playbook tailored to your organization allows you to document ways to mitigate the most risk posed to your organization by the riskiest threats, including, but not limited to, ransomware, malware, password attacks and phishing. Identifying relevant threats that could be extremely impactful to your network and then creating walkthrough scenarios on how to counteract those threats helps your business continuity and incident response teams focus on what needs to be addressed first. On the following page, you will find the seven steps to create an incident response playbook appropriate for your organization. Step 1: Identify Riskiest Threats Study your organization’s technology risk assessment(s) and other audit activities, such as penetration tests and vulnerability assessments, to find your organization’s top five riskiest threats (cyber or otherwise). Step 2: Identify Common Attack Vectors Research the common attack vectors around the top five threats based on your risk assessment(s) and audit activities, as discussed in Step 1. Understanding how hackers perform such attacks in today’s environment, including the tools they deploy and methods they use, will help you build out better incident response scenarios (which we’ll discuss in the next few steps). A prime instance of being up to date on an attack vector rings true when discussing one of today’s scariest incident response scenarios: ransomware. Although ransomware has been on the rise over the years, the most prominent ransomware attack methods have changed. Attackers will always use whatever tools are convenient to attack an organization’s network. Just like everything else in the cybersecurity field, attack vector methods are constantly changing, making it even more important to stay educated on recent attack trends. Step 3: Create Scenarios Take the top five riskiest threats (cyber-threats or otherwise) identified in the first two steps and create a scenario for each, covering how that threat may affect your organization. These scenarios should incorporate your research about how those threats are realized (step 2) and allow you to document a realistic scenario about how the threat (i.e., ransomware) may happen to you. For example, while ransomware is the “threat,” the scenario likely includes an employee receiving an intriguing email, clicking on the email and inadvertently installing ransomware on the network. Outlining these scenarios will be your pivot step in preparing for a tabletop walkthrough, which leads us to our next step. Step 4: Perform Tabletop Walkthrough Before performing an official tabletop test, perform a tabletop walkthrough of each scenario on your own or with your team. This first-stage tabletop walkthrough allows you to work through different scenarios and find how they mimic real-world instances. For example, if your organization needs to be wary of phishing emails, a part of your phishing scenario should discuss the possibility of malware delivered by the phishing email spreading to other computers in the organization. Taking that additional step with your incident response scenarios can be beneficial because it puts in perspective what your organization needs to consider in addition to just phishing email awareness (how do we stop malware from spreading?) and allows you to discuss what steps in reacting and recovering from these scenarios may need to be improved. Colorectal cancer is the third most common cancer among Nebraskans. Early detection saves lives, so doctors recently lowered the recommended screening age from 50 to 45. BCBSNE health benefits cover screenings and preventive treatments at no extra cost. OVER 45? GET SCREENED Visit NebraskaBlue.com to connect with a coach and schedule a screening today. An independent licensee of the Blue Cross and Blue Shield Association. 26 NEBRASKA BANKER

RkJQdWJsaXNoZXIy MTg3NDExNQ==