Test Drive the Computer Security Incident Response Plan

Process Resource Centers Deliver Complex Procedural Content to 21st-Century Workers in a Visually and Operationally Consumable Manner

Procedural documentation is the fabric that enables the cohesive definition and harmonization of critical processes. The computer security incident response plan is complex and requires the participation of many employees beyond information technology and cyber security professionals.

21st-century workers must deal with a barrage of information. To remain productive, staff carefully consider where they will spend their time and effort. Procedural content that is not intuitive and easily consumable will get less of their time and may be ignored. This test drive illustrates a method of delivering procedural content associated with a computer incident response plan in an intuitive, visually and operationally consumable manner.

Process Resource Centers are web frameworks designed to deliver complex procedural content to staff in an intuitive manner. This Computer Security Incident Response Plan (CSIRP) Process Resource Center (PRC) delivers procedural content required to respond to a suspected cyber security attack that has penetrated an organization's defenses. It is based on the National Institute of Standards and Technology Special Publication 800-61 Release 2 (NIST SP 800-61 R2). NIST is a part of the U.S. Department of Commerce. NIST SP 800-61 R2 is considered one of the top models for cyber security incident response planning.

The CSIRP PRC places computer incident response resources at the fingertips of users. It is designed to enable staff and the incident response team to read, understand, and act on appropriate instructions knowledgeably and quickly.

The link to the test drive site is below the features list. Once in the test drive, tap on each feature to view the content. There is also a 2-page white paper below the test drive link that illustrates the test drive features. The images in this white paper are also linked to their respective features in the test drive. These are the active features in this test drive:

  • Watch Video - 2 minutes and 51 seconds - Overview of the CSIRP PRC
  • Total Process View - Shared Responsibility Map (SRM) - Supplier, Input, Process, Output, Customer (SIPOC) combined with Responsible, Accountable, Consult, Inform (RACI) illustrates end-to-end roles, responsibilities, and deliverables.
  • Video within the SRM - 3 minutes and 44 seconds - Overview of Shared Responsibility Maps
  • Step 1.1 Create CSIRT (Computer Security Incident Response Team) Teams, Roles, & Stakeholder's Charter - Digital document with a hyperlink table on every page, which improves navigation. The template illustrates the makeup of the CSIRT.

Step 2.1 Monitor & Detection - Staff-level workflow illustrating the process of determining whether an event is escalated to an incident. In this workflow, view these items:

  • The workflow designed for staff-level consumption
  • Click on the SIPOC and RACI tabs to see the roles, responsibilities, and deliverables for this step.
  • Step 2.1 Monitor and Detection video - 2 minutes and 41 seconds
  • Click on the Shared Responsibility Map tab for this workflow at the top of the screen to view the Shared Responsibility Map and view the Shared Responsibility Map video - 35 seconds

Click Here to Test Drive the CSIRP PRC

Click Here to Download the Test Drive Features White Paper

Llewellyn Derry

“In this Cyber War, People are the Problem…and the Solution” - Bruce Schneier

2y

Hey Henry, apologies for my late response. This is VERY interesting. Are you incorporating this inside a SOAR framework and/or workflow? Can we chat about this next week? I’m slammed this week. Let me know. Congratulations!!!
