As the (National Institute of Science and Technology (NIST) Special Publication (SP) 800-61 R2 specifies, Rapid Cyber Remediation Response requires planning. If there is an attack, how will your team respond? This means defining and implementing enterprise-wide processes quickly and easily, being able to see the current status of the remediation effort at any time, and measuring performance. To do this requires:
- Defining and having a repository of processes used for different types of remediation efforts. These are called “’work templates.”
- Eliminating the need for training the people involved on the processes. They are too spread out and this takes too long. They just need to be trained on working the tasks assigned to them. The process is in the template.
- Eliminating silos within and between organizations because processes cross organizational boundaries.
- Capturing performance, which means time spent and task duration. These are the key performance metrics needed to determine if and how a process can be done faster, improving tempo.
- Defining and tweaking processes needs to be fast and easy, so you can be responsive as you get more information about performance.
- Measuring cost. “Time spent” times an average rate for each labor category gives you a labor cost for each remediation effort. At a briefing, one manager said that if they knew how much it cost for each remediation effort, they might not want to do all of them.
- Understanding resource availability and how they are performing. Having automatic notifications is important if someone is not responding quickly enough.
All of this is needed to manage and improve the remediation of cyberattacks, vulnerabilities, and failures in the IT infrastructure. The new Federal Cyber Security Framework requires a structured incident response capability, which is what Project Remedies’ ActionProgram Manager Plus offers.
ActionProgram Manager Plus brings mature capabilities to solve this constant and evolving problem of complex and rapid incident remediation response. It gives you a degree of situational awareness previously unavailable and is a major part of your overall situational awareness goals. ActionProgram Manager Plus organizes and tracks tasks, manages staffing, captures cost and monitors each Remediation Response task/project status in near real-time.
For more information, please download our white paper: Rapid Cyber Remediation Response Management.