Awesome DFIR - Digital Forensics & Incident Response
📈

Maturity

Incident Response Capabilities

image
swannman/ircapabilities

The Incident Response Hierarchy is modeled after Maslow's Hierarchy of Needs. It describes the capabilities that organizations must build to defend their business assets. Bottom capabilities are prerequisites for successful execution of the capabilities above them: The capabilities may also be organized into plateaus or phases that organizations may experience as they develop these capabilities: This diagram is available as images ( explanations, plateaus) or as a PowerPoint deck.

github.com

swannman/ircapabilities

Evaluating your maturity

SIM3 Model & References

CSIRT Maturity is an indication of how well a team governs, documents, performs and measures their function. The maturity of a CSIRT is measured with the Security Incident Management Maturity Model, also called SIM3.

opencsirt.org

SIM3 Model & References
Cyber Security Incident Response Maturity Assessment

Cyber Security Incident Response Maturity Assessment CREST has developed a maturity model to enable assessment of the status of an organisation's cyber security incident response capability. The model has been supplemented by a spreadsheet-based maturity assessment tool which helps to measure the maturity of a cyber security incident response capability on a scale of 1 (least effective) to 5 (most effective).

www.crest-approved.org

Cyber Security Incident Response Maturity Assessment
Maturity-Assessment-Tool_Detailed.xlsm1551.7KB
Maturity-Assessment-Tool.xlsm537.4KB