Incident Response (IR) Playbook Development
Incident Response (IR) Playbook Development ⫘
Service Overview ⫘
Playbooks contain incident-specific guidance for responding to a potentially chaotic situation. While an IR plan provides an overarching technical and non-technical organizational response to any cybersecurity incident, a playbook contains guidance for a specific type of incident. Playbooks are typically used for common or high-profile incident types that may require additional planning, such as specific steps to follow for responding to a malware attack.
Service Methodology ⫘
Secureworks will work with you to determine the scope of the playbook and the incident type (e.g., ransomware, phishing attempts) for which the playbook will be used. After the specific scope is determined, Secureworks will request existing documentation (e.g., IR plans, process guides, pre-existing playbooks). This documentation enables Secureworks to understand your current security posture and practices to ensure that development of the playbook will be in alignment with your IR plan, tools, and other response processes.
As deemed necessary, facilitated workshops and interviews may also be conducted with your primary stakeholders to rapidly gather a complete understanding of overall requirements, critical business requirements, and existing response capabilities.
Outcome ⫘
Secureworks will create an IR playbook that is in alignment with your IR plan, tools, and other response processes.
Recommended Pre-requisite(s) ⫘
While not a firm pre-requisite, it is highly recommended that you have an existing IR plan because the playbook will be developed to incorporate pre-existing IR planning. If you do not have an existing IR plan or believe your plan needs expert review, then we encourage you to consider our services for developing an IR plan or reviewing your existing IR plan.
Scope and Service Units ⫘
Depending on the subject of the IR playbook and the amount of pre-existing planning, playbooks require between 4 and 8 service units.