Solution Brief

Preparation and Practice are the Start to Successful Incident Response

Best Practices from 2,500 Customers: “Build Muscle Memory”

How CYGNVS Helps Advance Your Cybersecurity Preparedness

Organizations have incident response plans, but how do they build confidence in the incident response function with executives and internal stakeholders? Achieving confidence in the organization’s ability to successfully execute during a cyber crisis requires preparation and practice. CYGNVS customers share their best practices.

Bring in the Broader Team

Incidents today require engagement from a variety of internal teams including risk, compliance, marketing, customer service, and supplier management, as well as external providers like outside counsel and forensics. A big threat to successful incident response is failing to identify and engage these stakeholders in an incident response platform, like CYGNVS, before an incident occurs. Onboarding people to the platform in advance allows an organization to define roles, responsibilities, and chain of command, and helps the broader team execute seamlessly without confusion and delays. With people constantly moving in and out of the organization and roles, Active Directory enables organizations to easily manage users, including those who need to be notified but aren't directly involved in the response.

 


Create Playbooks

Once the broader team is in the CYGNVS platform, the next step is to ensure each team knows what to do and when to do it. The CYGNVS playbook library provides step-by-step guidance so each participant knows exactly what to do. Playbooks in CYGNVS manage dependencies and keep the workflow moving across the broader team. Customers reported organizing activities into workstreams by group or function (e.g. what facts does HR need to gather or what tasks does outside counsel need to perform). Import existing playbooks or choose from the CYGNVS library of up-to-date playbooks by incident type, geography and industry – and then customize.

 


Define Access Control

Who gets to see what and when during a cyber incident is critical to protecting confidentiality and legal privilege. By assigning stakeholders from the broader team into groups and roles, CYGNVS enables fine-grained access control across all artifacts including playbooks, workstreams and tasks.

CYGNVS access controls can span organizations. For example, a PR team might span people from marketing, inside counsel, and a PR firm. Access controls for this team can be changed on demand during an incident as needed. Customers have shared that a foundation of access control is critical for incident management. One customer invited over 26 different vendors on the first day of an incident, providing each with access only to those areas where they were needed.


Practice in Tabletop Exercises

With the CYGNVS Tabletop Player, organizations conduct practice exercises inside the platform to run stress tests and scenarios, validate response playbooks, and measure the effectiveness of the response. A critical value of running a tabletop in CYGNVS is ensuring the broader team gains familiarity and first-hand experience working inside the platform – “train where you fight.”

Customers reported running different types of tabletops across their organizations – a board tabletop on materiality determination, a tabletop with a critical supplier on a breach, an IT/Security tabletop with forensics on technical log analysis. Some customers shared running the same tabletop exercise across divisions and benchmarking divisions on various tabletop success metrics. The platform can create After Action Reports (AAR) that identify areas of improvement, and these reports can be securely shared through CYGNVS with regulators and others.


Update Response Plans

With the threat landscape, technology and macro-environment changing constantly, CYGNVS makes it easy to update the incident response plan and revise it as conditions change.

CYGNVS recommends quarterly plan reviews as a best practice to ensure compliance and maintain readiness. Remember: in cyber incident response, it's not just about having a plan—it's about building and maintaining the organizational muscle memory to execute it flawlessly when it matters most.
