Mastering Incident Response Planning

STN’s incident response planning services train and test your team’s ability to detect, respond to, and recover from security incidents such as cybercrime, data loss, and service outages.

Your organization is the biggest target for data breaches.

Your organization needs to be prepared for information leaks, account and network compromises, and data breaches. If you’re asking if your organization will be breached, the answer is yes.

The better you can prepare for inevitable cyberattacks with a well-defined Incident Response Plan (IRP), the better armed your organization will be. An Incident Response Plan is a set of instructions to help you detect, respond to, and manage a security incident. Building a clear IRP that you can rely on will help guide you and prepare for the imminent security incident. Your goal is to limit potential damage, reduce risks, and get your organization back on track.

Sixty percent of small and mid-sized businesses that are hacked go out of business within six months, according to the National Cyber Security Alliance.


7 in 10 of all organizations in the United States were affected by a data breach, according to the 2018 Thales Data Threat Report.

The consequences of not having an incident response plan in place:

  • Customer/Patient Issues
  • Compliance Issues
  • Loss of Revenue
  • Loss of Reputation
  • Regulatory fines, lawsuits
  • Loss of Business
  • Business Shutting Down

STN can partner with you to manage your incident response.

The good news is STN is your ally to help you protect your network, information, and assets.

We can help you manage the incident response process every step of the way, starting with the Incident Response Plan (IRP) and continuing with plan development and testing. If you do not yet have an IRP, you are not alone. Seventy-seven percent of organizations do not have a formal cybersecurity incident response plan in place, according to the Ponemon Institute.

Cyber attackers and hackers are becoming more sophisticated and motivated. They are constantly spawning new attacks to compromise, steal or destroy critical information and disrupt organizations, according to GCN. STN can take your existing incident management policy—or build one from scratch—and work with you to develop it into an Incident Response Plan with thorough development, training, testing, and observation oversight.

STN will work with you on each of the Incident Response phases:

Phase 1

Incident Response Plan development and execution

  • Identify relevant laws and standards as they relate to your organization
  • List specific, regulatory environment-driven requirements that the program must meet
  • Define Information Security Incident (ISI) as opposed to a significant event and identify authority(ies) authorized to declare ISIs
  • Define roles and responsibilities
  • Define critical assets and systems
  • Define monitoring systems, detection enablers, and forensics enablers
  • Create the communication plan
  • Create the actual Incident Response Plan
  • Define the Incident Response team’s required equipment and assets based on the plan’s structure and steps
  • Define plan review, updating, and testing requirements
  • Define exception request process and identify authority authorized to grant exceptions

Phase 2

Plan Testing and Plan Refinement

STN will work with you to rigorously test the Incident Response Plan and empower your team, including training personnel, conducting onsite exercises, creating multiple customer scenarios, and presenting a report on the testing outcomes.

STN will conduct continuing onsite exercises to test your plan against real-world scenarios scripted by STN.

Once each exercise has been completed, STN will provide a report on the results of the exercise and a question and answer session.

Phase 3

Plan Refinement

On an ongoing basis, STN will work with you to make adjustments as needed and conduct additional onsite exercises to ensure that:

  • Incident Response Plan meets your needs
  • Addresses regulatory and compliance requirements
  • Is continuously updated to reflect the ever-changing cybersecurity landscape

  • Identify and document any changes to relevant laws and standards as they relate to your organization
  • Identify and document any changes to Incident vs Event classification
  • Identify and document any changes in Subject Matter Experts, Stakeholders, information systems, and critical assets
  • Identify and document any changes to the communication plan, response plan and/or phases
  • Identify and document any changes in the IR team’s required equipment and assets based on any new requirements and/or changes

You cannot be confident about the implementation of your security controls without testing them first and the best way to test your security controls is to simulate what the bad guys would do to evade or circumvent your security controls.

Chris Akenson, CISO, STN

Copyright © 2021 STN Inc. All Rights Reserved.