Upload
others
View
6
Download
2
Embed Size (px)
Citation preview
BREACH RESPONSEPREPAREDNESS
INCIDENT RESPONSERETAINER LEVELS
BENEFITS OF AN ANNUAL IR RETAINER
NON RETAINER CUSTOMERIndustry average time from breach to initial analysis
2-15 DAYS
RESPONSE TIMINGCOMPARISON
RSA RISK & CYBERSECURITY PRACTICE
IR RETAINER:
70%IR Retainers help an organization align with the requirements and incentives offered by cybersecurity insurance providers
IR Retainers provide rapid access to top tier IR professionals and supplement internal teams via surge resourcing during sophisticated attacks
IR retainers are a proactive cyber-security measure that can significantly reduce an attacker's dwell time and reduce the impact of a breach
Incident respondersfamiliar with customer’s
environment
IR vendor search and selection
PROCUREMENT OF IR, LEGAL PARTNER
ENGAGED*
• Proactively prepare for an incidentor breach
• Accelerate response time fromseveral days to as little as 3 hours
• Be better prepared to satisfyregulatory requirements like GDPR’s72 hour window for reporting abreach after discovery
• Enable future and rapid procurementwith a contracted and pre-approvedIR vendor
• Facilitate rapid response with IR expertise that is already familiar withyour environment, technology,available data, challenges and otherimportant details
Be Prepared! An incident response retainer reduces the time required to engage top-tier IR professionals and reduces exposure to risk during an incident or breach.
90% of organizations are
dissatisfied with their response time2
RSA Risk & Cybersecurity Practice team's expertise has beenacknowledged as a “Strong Performer” in the Forrester Digital Forensics and Incident Response (DFIR) report and is an NSA accredited Global Incident Response practice.
Explore the four levels of RSA Incident Response Retainers
RSA and the RSA logo are registered trademarks of Dell Technologies in the United States and other countries. © Copyright 2018 Dell Technologies. All rights reserved. Published in the USA 3/17 Infographic H17025.
LEARNMORE
SIGN UPNOW
of organizationsknew they were compromised
in the past year1
IR RETAINER CUSTOMERIndustry average time from breach to initial analysis
3 HOURS
Ongoing analysisPreliminary analysis complete
Multiple IR resources engaged
REMEDIATION UNDERWAY
Compliance notifications distributed
Day 1
3 hours
Day 2Day 2
Day 3 / 72 hours
Day 11
Duration
Effort Estimate(hours)
SLA: Initial Response
SLA: Initial Analysis
SLA: On-site Analysis
Use of Unused hours
Deliverables
1 year
24
8
24
72
n/a
Preliminary analysis report
1 year
66
6
24
48
Preliminary analysis report
1 year
120
3
12
24
Preliminary analysis report
1 year
242
3
12
24
Preliminary analysis report
Incident discovery report
Board readout from RSA Exec
Bronze Silver Gold Platinum
SUSPECTED INCIDENT DETECTED
GDPR REPORTING DEADLINE 72 hours 72 hours
Ongoing analysis
Preliminary analysis complete
Multiple IR resources engaged
REMEDIATION UNDERWAY
Compliancenotifications distributed
Day 12
Day 13
Day 14
SUSPECTED INCIDENT DETECTED Day 1]
*Many unfavorable terms are missed in a rush and understanding of consequencesare not understood.
1 RSA Cybersecurity Poverty Index 20162 RSA Threat Detection E�ectiveness Survey 2016
The hour glasses below show a real-world response timing comparison. IR Retainer customers gain several bene�ts from establishing a long-term relationship with an IR �rm who is already familiar with their organization, environment, technology, available data, critical assets, people, regulation mandates and any other critical information.