{
  "docId": "019dd923-5e88-73ef-bd57-cf13ce8ed1d4",
  "docSlug": "72b88f635783ce33",
  "documentTitle": "incident response insights january 2025",
  "authorId": "BoozAllenHamilton",
  "authorName": "Booz Allen",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "landscape",
  "aspectRatio": 1.778,
  "pageNumber": 8,
  "pageCount": 10,
  "prevPage": 7,
  "nextPage": 9,
  "slideType": "initiative_list",
  "function": "summarize",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "Part of a series on top 10 security controls for underwriting.",
  "elementsJson": [
    "headline_text",
    "bullet_list",
    "paragraph"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5e88-73ef-bd57-cf13ce8ed1d4/8",
  "deckHref": "/decks/019dd923-5e88-73ef-bd57-cf13ce8ed1d4",
  "deckJsonHref": "/decks/019dd923-5e88-73ef-bd57-cf13ce8ed1d4.json",
  "deckAnchorHref": "/decks/019dd923-5e88-73ef-bd57-cf13ce8ed1d4#slide-8",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Immutable backups are preferred as they can not be deleted or changed.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd952-1042-7629-9be0-4e3ac3023fe0",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.25,
        "w": 0.35,
        "x": 0.2,
        "y": 0.12
      },
      "kind": "list",
      "text": "8) Backups (cont.)\nIf backups are stored offsite, check if the storage provider retains backups copies and if there are protections in-place to prevent deletion of the backups. Immutable backups are preferred.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "2df188ff-c7df-4375-a684-9282cc9699e4",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.45,
        "w": 0.35,
        "x": 0.2,
        "y": 0.42
      },
      "kind": "list",
      "text": "9) Know your environment/Asset List/Software list/RMM & RDP Tools\nHave a network diagram and asset list. Review for unauthorized software. Only use approved RMM tools with MFA.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "31fbc466-9bbc-4d59-8de0-b605ceeb5300",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.65,
        "w": 0.35,
        "x": 0.6,
        "y": 0.2
      },
      "kind": "list",
      "text": "10) Incident Response Planning and Testing\nHave a written plan. Conduct testing and simulation. Ensure 24x7 contact info for decision makers. Preserve evidence for forensic investigation.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "cb89b7f9-9f68-4268-a089-6276d9c40148",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.35,
        "w": 0.16,
        "x": 0.02,
        "y": 0.18
      },
      "kind": "paragraph",
      "text": "IR Update Summary: Read on for a summary of our Incident Response team's recent observations alongside insights from across the cybersecurity community.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "3c3672c1-b47f-48bc-9b22-384436b32f8e",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.5,
        "x": 0.2,
        "y": 0.03
      },
      "kind": "title",
      "text": "Underwriting Focus Area – Top 10 Security Controls - #6 to #10 (cont.)",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7b0571fb-d51c-4055-ae1f-38431ce865b8",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 8,
      "from": 7,
      "beatId": "bd27ea9a-e6f5-4654-85e4-0ef70838c072",
      "arcName": "The Sparkline",
      "arcSlug": "sparkline",
      "beatName": "Solution & Approach",
      "beatSlug": "consultants-gambit-solution-approach",
      "evidence": "Slides 7-8 list underwriting focus areas – top 10 security controls",
      "position": 3,
      "confidence": 0.8,
      "parentBeatName": "Turn",
      "parentBeatSlug": "turn"
    }
  ],
  "loops": [
    {
      "to": 8,
      "from": 7,
      "name": "Quick Win Big Bet",
      "slug": "47-quick-win-big-bet",
      "bestFor": "Transformation planning, 100-day plans, resource allocation",
      "matchId": "3e012379-c218-4e95-9b42-73de08e48d72",
      "evidence": "Slides 7-8 list underwriting focus areas – top 10 security controls",
      "position": 2,
      "objective": "Identify top security controls for underwriting focus",
      "structure": "The Full List -> Quick Wins (Low effort, High impact) -> Big Bets (High effort, High impact) -> Sequenced Roadmap",
      "confidence": 0.6,
      "description": "Separate initiatives into immediate wins and longer-term strategic bets"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}