Effective Incident Management

Client: The client is an international Fortune 50 telecommunications company.

Project: Work with the client to implement a formal incident response strategy compatible with their ISO 27001 information security management system (ISMS) framework. The client had been spending a significant amount of time in reactive mode dealing with customer and internal incidents, including incidents caused by customers’ malware that impacted other customers as well as the internal organization.

Summary: It became apparent very early in our assessment that the incident response team was understaffed. The sheer volume of incidents kept the team in firefighting mode constantly. There was no formal incident response strategy and all information security events were handled on an ad hoc basis. The organization was also rapidly introducing new Internet-based services without input from the security team.

We introduced a prototype incident response process with defined roles and responsibilities, and identified measurement points for developing and reporting metrics. A prototype new product development process was also introduced that incorporated security requirements and reviews at multiple steps of the product development lifecycle.

The result was an 80% reduction in the number of security incidents resulting from new product offerings. The prototype incident response process proved to be an effective strategy for managing security events that did occur. The total number of incidents was nearly cut in half and the response time from incident notification to closure was reduced from weeks to hours.

Value-add: We developed an activity-based resource management model that demonstrated quantitatively that the security group staffing should be increased by 20%. This, coupled with the newly implemented incident management metrics, convinced executive leadership to add resources as requested.