Texture Side Right Grey 03

Response Readiness Assessment

Assess your team’s ability to detect, respond to and contain advanced cyber attacks

The Mandiant Response Readiness Assessment evaluates an organization’s incident response (IR) function which includes their Security Operations Center (SOC) and IR capabilities. It compares the IR function against leading practices to determine what capabilities are needed and how best to implement them.



Using a combination of team discussions, internal document review and tabletop exercises, Mandiant consultants conduct a comprehensive survey of your existing cyber security event monitoring, threat intelligence and incident response capabilities to deliver a detailed roadmap and specific, cost effective improvement recommendations. During the assessment, our consultants examine six key areas of your program to ensure best practice incident response readiness:


Serves as a foundation for an effective IR function that advances the organization's greater strategic objectives.

Threat Intelligence

Uses attacker intelligence to reduce internal and external threat risks and create effective threat response strategies.


Represents the people, processes, and technology that detect threats across the organization's business architecture.


Represents identification of the incident type, impact assessment and determination of proper IR actions to be taken.


Represents the processes that allow communication of IR information to important internal and external stakeholders.


Signifies the measurement and development strategies needed to maintain and improve the IR function.


“The best-case scenario when experiencing a disruptive attack is that you are well prepared and able to minimize the damage.”

- M-Trends

What you get

  • Independent Assessment
  • Best Practices Overview
  • Tabletop Exercise
  • Prioritized Recommendations
Six Core Capabilities Model

Six Core Capabilities Model

Our Process

Step 1

Assess your ability to detect, respond and contain threats

Mandiant consultants review your SOC and IR documentation and compare your current processes against industry best practices to establish your baseline performance. They also conduct detailed staff interviews to better understand SOC and IR processes that are unique to your organization.

Step 2

Test your processes with tabletop exercises

Incident scenarios (i.e., system compromise, unauthorized access of personally identifiable information(PII), policy violations, inappropriate emails) are simulated to evaluate your organization's response processes from incident detection to closure.

Step 3

Adopt recommendations and custom roadmap

The observation identified during documentation review, staff interviews, and the tabletop exercise will be used to develop the final report and presentation. Your organization will be benchmarked against legal and regulatory requirements, and industry best practices. The RRA will highlight your organization's SOC and IR strength's, and identify improvement opportunities.

Related resources

Ready to get started?

Our security experts are standing by to help you with an incident or answer questions about consulting services.

+1 888-227-2721 +61 281034308 +32 28962867 +1 877-347-3393 +971 45501444 +358 942451151 +33 170612726 +49 35185034500 +852 3975-1882 +91 80 6671 1566 +353 (0)216019160 +39 0294750535 +81 3 4577 4401 +03 77248276 +52 5585268207 +31 207941289 +64 32880234 +48 223072296 +7 4954658084 +65 31585101 +27 105008408 +82 7076860238 +34 932203202 +94 788155851 +46 853520870 +886 2-5551-1268 +27873392 +44 2036087538 +842444581914