The "Response" function in cybersecurity

The "Response" function in cybersecurity​

Our previous articles discussed the importance of implementing healthy cyber hygiene governance as a crucial aspect of our CyberRisk Control CISO-360 intervention and diagnosis plan. We addressed the following functions: “Identify,” which determines the value of assets and their impact on the organization; “Protect,” which implements protective barriers for these assets; and “Detect,” which enables quick identification of threats before a disaster occurs. Despite all the protections put in place, 100% protection is impossible, and managers must be prepared to face a cyberattack. It is the “Response” function that allows losses to be limited, which we address in this article.

Pierre Farley
Eficio Partner and CIO

Avoiding the negative impact of a cybersecurity event is the objective of this function. What to do when a cyberattack is detected, and the speed at which you intervene will make the difference between an event or a crisis to manage. Organizations must create and maintain a detailed response plan to apply during a cybersecurity event.

The items normally included in such a plan are:

• Response planning – Prepare response policies and procedures. Identify responsible parties to avoid improvisation.

• Mitigation – Limit the spread and mitigate the effects of the cyberattack.

• Communications – Identify communication governance and internal and external channels. Include legal obligations such as Law 25 which requires the disclosure of information to authorities.

• Analysis – During the response plan execution, ensure governance and follow the plan to support activities. Note failures and points of reinforcement.

• Improvements – Conduct a post-mortem analysis of response activities and reinforce the plan and processes.


The CyberRisk Control CISO-360 diagnostics that we have conducted allow us to observe that the “Respond” function is consistently less mature in organizations than the previous ones (Identify, Protect, and Detect). Cybersecurity teams instinctively prioritize protection and detection to achieve a certain level of maturity before tackling the response aspect. This is a paradox, as the less mature a security posture is, the greater the chances of resorting to a response plan.

The CISO-360 CyberRisk Control diagnosis is carried out by Eficio experts, who are all IT managers and cybersecurity experts. They have a comprehensive view of the security aspect and take into account the impacts for your organization. The CISO-360 CyberRisk Control methodology goes beyond a mere validation matrix for cybersecurity controls. We weigh the risks according to the size and reality of your organization and provide an associated response plan. Eficio experts bring their experience in the assessment and recommendations. They will explain your current findings transparently, and more importantly, they will be your allies to advise you on the recommended approach, taking into account your organizational capacity. This is what sets Eficio apart.

If you would like to respond to this article or obtain further information, please do not hesitate to contact Eficio.

You can access all the articles in our folder by following the links below: