Sometimes it takes a cybersecurity incident for a company to start moving resources into securing information within an organization. Such incidents can be handled with proven incident response methodologies similar to the PICERL model as documented by Patrick Kral. Ultimately, there will be iterations of process improvement that help to shore up the security policies for the organization. A method called T.R.A.P. addresses the middle ground and provides a stop-gap between the two.
T.R.A.P. is a simple list of steps that immature and mature cybersecurity programs can use to take up slack that may be present during transitional periods. Triage and Resolution, Assessment, and Process Improvement make up the proposed methodology. It should be noted that this is a general approach to providing a structured process for organizations that may be looking to move past acute symptom management and into a more mature security framework. By keeping a simple approach in mind, stakeholders and operators can work from within a conducive atmosphere.
Triage and Resolution depend on the ability of a team to work on concise and emergent threats to information security. The previously mentioned PICERL model, as outlined in “The Incident Handlers Handbook”, is an industry standard for handling incidents that arise. This should be considered the authority for information protection.
The Assessment phase is one in which the team can explore luxuries such as Risk Analysis and the Quantification/Qualification of threats as they relate to the vulnerabilities that assets face. Depending on the maturity of the cybersecurity program, this Risk Analysis can get very complex. Threat modeling may be introduced as the program develops.
The ultimate goal of the T.R.A.P. method is Process Improvement. This is not to say that the entire methodology is complete after a single iteration. Instead, this phase allows for the creation of policies and modifications in the form of Risk Mitigation. The continual improvement of processes can and should be done with project management methodologies. Care should be taken to assign the proper amount of resources to this phase, as traits such as cost and scope creep might derail improvements.
When applied as a stop-gap, or as a tool for communicating to upper management, the T.R.A.P. methodology can be as complex as the situation calls for. Simplicity of a methodology or process can often be overlooked in favor of feature-rich solutions. Attempting to cater to the middle ground with this solution should help to ensure its success.