About Us


An ideal cyber crisis management platform ensures the security and smooth operation of critical airport systems, with structured incident response plans, defined roles, regular drills, and clear frameworks to handle crises like ransomware attacks. FlexibleIR is used as an example but can be replaced with an alternative solution.


The purpose of an ideal cyber crisis management platform is to ensure the security and smooth operation of Bangalore International Airport's IT infrastructure, including real-time response, coordination, and mitigation of cyber crises and incidents. FlexibleIR is used here as an example for indicative and visual purposes; it can be replaced by an alternative solution. The feature set and requirements would remain the same.


The scope of the platform covers critical airport systems (e.g., air traffic control, passenger information systems, baggage handling) and its intended users (e.g., IT staff, security teams, airport management).


The organisation needs to have clear blueprints and frameworks established to respond to a cyber crisis such as a ransomware attack.


The following ingredients are essential:


  • The cyber crisis response needs to be structured. No ad-hoc response.
  • Incident response plans with well-defined roles and responsibilities, defined SLAs, communication details, and templates.
  • Playbooks with the courses of action to respond, at both technical and management levels.
  • Regular tabletops and drills, with clear after-action reports (AAR).
  • Take up real case studies and see how your organization would respond.
  • Have a catalog of them handy to tell stories to your organization.
  • Have a quick framework for identifying the adversary and ransomware family.

Key Features

  • The platform should be able to perform online all the functions described in the Cyber Crisis Management Plan (CCMP), in conjunction with the IR plans, recovery plans and communication plans.
  • The crisis management platform should primarily support the 3 key phases of crisis response.
    1. Pre-crisis
    2. During-crisis
    3. Post-crisis
  • Should support the management of a library of anticipated threats.
  • The overall platform should be playbook-driven. Both technical and management-level playbooks should be available. (The CXO-level playbooks are key.)
  • A simple real-time coordination platform on a fully separate network, usable when the entire company network is down.
  • All users and logins should have pseudonymous, role-based, or anonymous names.
  • Simple and easy desktop and mobile interfaces are available. Low network bandwidth usage, as users could be on vacation and need to log in and work from remote locations.
  • Support a large community of internal and external stakeholders (Ability to invite new users or guests).
  • Ability to continuously take up crisis scenarios and practice.
  • Must be able to support long-running incidents, which would sometimes last for a few weeks.
    1. The range could be from 30 minutes to a few weeks.
    2. Ability to support shifts, as the investigation and restoration work could continue for long durations. E.g., a large database restoration activity could take 2 days based on the backup device.
  • Should support restoration workflows, which are highly dependent on the CMDB/asset databases.
    1. Should support application-wise restoration, with the order being key: from database to middleware to the web tier.
  • Should be highly aligned with the MITRE ATT&CK matrix.
    1. The platform should strongly support adversarial thinking.
  • Should be able to support ransomware negotiation chatbots for practice.
  • Support for the creation and management of cyber crisis communication templates.
  • Should support the creation of basic and advanced after-action reports.

Contact

Your message is important to us. We will get back to you within 24 hours.

Email Us

contact@flexibleir.com
