Incident response plans are incredibly important for both IT and OT cybersecurity. They guide you in stressful crises, and aid in both tactical procedures and decision making.
I cannot state enough how important it is that your organization has plans for every environment, those plans are tested, and that ultimately you write and edit the bulk of those plans yourself.
There are skeevy consulting companies who will sell you almost anything - from premade IR plans to services that build them for you without your involvement. However, I can absolutely guarantee without serious project-scale care and feeding from your own stakeholder personnel and environmental considerations, they will fall flat in an emergency. You wouldn’t want your hospital to download a premade triage plan for another size or functional org from scribd.
Can’t stress enough how important it is to take the time to plan, even if you bring in consultants to guide and advise you.
#cybersecurity #dfir
@hacks4pancakes@infosec.exchange I cannot agree with this enough. You absolutely have to do this yourself. No external entity, no matter how honorable they may be, and most aren’t, can possibly grasp your environment more than your own staff that built and run it.
This notion that you can outsource everything even remotely hard is quite frankly not true, and while it may save you some pennies now, you will spend real capital cleaning up the mess when that bad day comes.
Tangentially related trend I am seeing: New ISPs that don’t run their own core networks. They outsource it to companies that claim to run core networks for ISPs. If you can’t run a network, you seriously have no business pretending to be an ISP.
This outsourcing of absolutely everything is going to fuck you sooner or later.