Dr. Roger Mason and a team from Black Lantern Security (BLS) participated in a cybersecurity summit in Atlanta. The summit was sponsored by a Fortune 500 company based in Atlanta. The purpose of the security summit was to help the company’s subsidiary organizations prepare for a cyber emergency. A joint LECMgt/BLS team has been developing a new incident response plan for this client. The plan is designed to incorporate the business practices of the client with incident planning standards from the National Incident Management Plan and the National Institute of Standards and Technology.
The summit included experts from the cybersecurity industry. Roger Mason and Dr. Phil Hartlieb’s team developed the tabletop exercise for the summit. The Black Lantern experts provided the technical framework that ensured a challenging tabletop exercise. Roger Mason gave a 90-minute presentation explaining the new incident response plan to summit participants.
The exercise involved operational analysts from the company’s enterprise security team and cybersecurity representatives from a subsidiary team outside the US. The combined team used the new incident response plan and run/playbooks for the exercise. The run/playbooks are divided by topic, with an explanation of what to expect from a hostile actor and procedures to counter an attack.
This has been an exciting project because it connected LECMgt’s incident response planning experience with the cybersecurity response expertise at Black Lantern Security. Developing an emergency operation or incident response plan is similar no matter the topic or the domain. Certain factors must be considered when developing systems and procedures.
Foremost, the new plan must be a combination of the client’s business practices and national and industry standards. Tabletop exercises are a familiar and practical tool to help team members employ their new incident response plan in a risk-free environment. This plan and the training will provide synthetic experience and a strong foundation for problem-solving during a cyber-attack.