Announcing the Launch of our SEIRIM Cybersecurity Playbook


We are proud to announce the launch of our own homegrown, complete SEIRIM Cybersecurity Playbook built from the ground up based on our own years of experience and resources from helping clients at many points along the cybersecurity life cycle.

Explore it all here: https://playbook.seirim.com/

Written explicitly for the needs of SMEs and organizations on tight manpower and resource budgets, we cover all the steps needed to build a secure, resilient organization that minimizes its exposure to attacks and lessens their impact when they occur.

The playbook stems from our learning and working with many other playbooks and frameworks, including NIST (National Institute of Standards and Technology, US government) CSF 2.0, the CISA (Cybersecurity & Infrastructure Security Agency, US government) playbooks, the CIS (Center for Internet Security) Controls, and many more we have leaned on over the years. A full appendix of these can be found in this section of the playbook: https://playbook.seirim.com/appendix/more-cybersecurity-playbooks/


Positioning

Note that our playbook, for as much as we try to tell "exactly what to do" at every stage, is always:

  • A Starting Point - we go through all the key things to do but can't detail how to do every action exactly. Each step requires technical team members to carry out the tasks specifically for the software, hardware and network scenarios of their particular environment.
  • A Checklist - a key goal, and the idea behind the playbook, is to make sure teams (including our own) don't forget key issues and steps during the process. This matters most during an incident, but it's just as important in preparation.
  • A Discussion Outline - the playbook is partly written to help answer a common question from our clients - "what do we do?" - to which we make the light joke, "well, a thousand things, ha, starting with these 100". There truly is a seemingly endless array of issues and tasks to attend to, and this can seem overwhelming. In our playbook, we intentionally break it all down into what we feel is the "Goldilocks balance" of steps, sections and concepts to help approach and accomplish all we need to do.

Ideally the playbook helps teams look back and forth throughout the process to get a better grasp of the whole cybersecurity life cycle and succeed in getting the work done - all without leaving any key consideration out.


Structure

We have previously felt that other playbooks often squeeze too many important topics into too few top-level categories. The NIST Cybersecurity Framework, for example, is broken down into Govern, Identify, Protect, Detect, Respond and Recover - which is great, but for us it doesn't separate out some sections we feel need to stand alone, like Assess, Review, and Educate.

Likewise, some frameworks list many topics at the same tier-one level, like the CIS Controls calling out 18 different top-level topics.


In our paradigm we organize the playbook by the following sections:


1. Assess

  • Assess - Understand the current threat environment, where your organization is generally vulnerable, and its current security maturity status
  • 1.1 Understand Common Attack Types
  • 1.2 Understand the Current Threat Environment
  • 1.3 Gather Compliance and Contractual Requirements
  • 1.4 Conduct a Risk Assessment
  • 1.5 Measure Current Security Maturity Gap


2. Identify

  • Identify - Take stock of every single asset and entity important to your organization and that it relies on to provide your service, including data, users, hardware, software and services, dependencies and more.
  • 2.1 Identify Data
  • 2.2 Identify Physical Assets
  • 2.3 Identify Apps and Services
  • 2.4 Identify Users and Accounts
  • 2.5 Identify Dependencies


3. Protect

  • Protect - A deep dive and a lot of tasks here, including everything from Identity and Access Management to backups to vulnerability management, systems hardening, network security and more.
  • 3.1 Identity and Access Management
  • 3.2 Backup Regimes and Recovery Readiness
  • 3.3 Systems Hardening and Secure Configuration
  • 3.4 Vulnerability and Patch Management
  • 3.5 Endpoint, Server, and Mobile Device Protection
  • 3.6 Email, Web, Cloud, and SaaS Protection
  • 3.7 Network, Remote Access, and Internet Exposure Protection


4. Detect

  • Detect - A proactive, functioning and diligent system of observation must be maintained to ensure the organization is kept secure.
  • 4.1 Detection Ownership and Coverage
  • 4.2 Logging, Alerts, and Security Visibility
  • 4.3 Monitoring the Main Attack Paths
  • 4.4 External Exposure and Control Failure Detection
  • 4.5 Employee Reporting, Triage, and Handoff to Respond


5. Respond

  • Respond - Incidents will occur, and it's key to already have robust plans in place for when they do, and to follow those plans when incidents occur.
  • 5.1 Incident Response Ownership and Activation
  • 5.2 Initial Triage, Evidence, and Incident Classification
  • 5.3 Containment and Immediate Risk Reduction
  • 5.4 Communication, Escalation, and External Support
  • 5.5 Eradication, Stabilization, and Safe Handoff to Recover


6. Recover

  • Recover - Extending the incident response, the restoration process needs to be orchestrated carefully so as not to reintroduce the initial cause of the incident, and to communicate properly with all stakeholders.
  • 6.1 Recovery Ownership, Priorities, and Readiness
  • 6.2 Restore Systems, Data, and Access Safely
  • 6.3 Validate Restored Systems and Business Operations
  • 6.4 Communication and Business Continuity During Recovery
  • 6.5 Recovery Documentation and Handoff to Review


7. Review

  • Review - Post-incident actions are key to ensure incidents are less likely to reoccur.
  • 7.1 Post-Incident Review and Timeline
  • 7.2 Root Cause and Control Failure Analysis
  • 7.3 Response and Recovery Performance Review
  • 7.4 Improvement Actions and Control Updates
  • 7.5 Evidence, Reporting, and Leadership Closure


8. Educate

  • Educate - Staff and key employees, from executives through to IT, finance, HR and more, need quality, ongoing training to minimize the likelihood of errors.
  • 8.1 Security Awareness Ownership and Training Plan
  • 8.2 Core Employee Cybersecurity Training
  • 8.3 Role-Based and High-Risk Team Training
  • 8.4 Reporting Culture, Simulations, and Practice
  • 8.5 Training Evidence, Metrics, and Continuous Improvement


Summary

All in all, we will keep improving the playbook over time and look forward to feedback from the clients we work with, and from the public, on areas where the information should be expanded, any considerations we have missed, and where we need to add more granular instructions.

As always we implore folks to not look away from the security in their organizations and to invest more time and resources upfront so they can pay less in consequences down the line.

If you need help implementing any part of the playbook or the cybersecurity life cycle, don't hesitate to reach out to SEIRIM cybersecurity in Shanghai for our help.

about the author

S.R. Schroeder


S.R. is a seasoned cybersecurity expert with nearly a decade of experience in the field. Also the founder of SEIRIM, he has worked with companies both large and small to help bolster their digital defenses, modernize their websites, and build impressive IT and web applications.
