A security practitioner's take on CISA’s Incident and Vulnerability Response Playbooks

The new CISA playbooks provide sound guidance on incident and vulnerability response, but mainly from a process perspective.

President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity tasked the U.S. Cybersecurity and Infrastructure Security Agency (CISA) with developing a standard set of operational procedures for the Federal Civilian Executive Branch (FCEB) to use when responding to incidents and vulnerabilities. CISA recently released the Cybersecurity Incident & Vulnerability Response Playbooks as a single document. While this guidance is intended for FCEB agencies, it may be applicable to other organizations as well.

What follows is an analysis of that guidance from the perspective of a security practitioner.

Cybersecurity Incident Response Playbook: The good

The Incident Response Playbook builds on the widely used NIST 800-61 r2 Computer Security Incident Handling Guide, which countless organizations reference when building incident response (IR) capabilities and carrying out IR activities. It covers the standard IR phases:

  • Preparation
  • Detection and analysis
  • Containment
  • Eradication and recovery
  • Post-incident activity
  • Coordination

The guidance provides comprehensive details for each IR phase so that FCEB agencies and other organizations using the playbooks can take actionable steps to improve their IR processes.
