Problem
A government defense contractor that provided services to multiple military bases needed assistance with an incident response plan. As they were preparing from CMMC Certification they realized being able to respond to an incident would be critical. They have never had an incident, but wanted to be prepared, just in case.
The contractor has a physical presence on multiple military bases and their computer systems are connected between the two. They needed to coordinate a response with employees in multiple locations as well as coordinating any response with the proper military personnel. On top of that, they use a third-party MSP for their IT services.
Solution
We worked with the contractor to develop a custom incident response plan that was tailored to their needs. It included a communication plan that involved the proper chain of command with military personnel. It accounted for the fact that they had CUI (Confidential Unclassified Information) which needed to be protected.
In addition to the incident response plan, we conducted a tabletop exercise to walk through their new plan with company leadership. By practicing the plan, we were able to work through potential issues ahead of time and leadership was able to practice making decisions before it was a critical situation. None of the contractors employees had ever gone through an exercise or had any experience with a real incident.
Costs: $10,000 – $15,000
Approach
Since the client had no previous experience dealing with an incident and little knowledge of what an incident response plan should include they relied on our expertise to guide them through the process. We leaned on our experience and background while interviewing the client to understand their needs. In the end the client got a comprehensive incident response plan that fit their business needs.
For the tabletop exercise, we prepared 3 or 4 scenarios ahead of time, based on what we knew about the client. We tried to find practical examples that were relevant to the contractor. We conducted the exercise onsite with company leadership in the room. At the end, we wrapped up with lessons learned and a checklist of items that needed to be addressed.
Results
The client got an incident response plan, a practice run through an incident, and a roadmap of items that will help them improve going forward. The plan is to continue the tabletop exercise on an annual basis with updated scenarios. The best part is the client is more confident in their ability to respond, should an incident occur.