If determining where to start when creating a knock-out incident response (IR) plan has you scratching your head, consider a generic incident handling procedure template from the Computer Security Incident Response Team. This baseline document will need to be tailored, of course, to meet your organization’s specific needs, but it can serve as a springboard to get the IR team’s creative juices flowing.
Consider these components of an effective plan:
1. Start with something easy—an emergency contact/communications list. Note the info for those who “need to know” ASAP in the case of a possible security loss or breach.
- Incident response team
2. Some areas to consider as the plan comes together:
- Executive management team
- Legal team
- Forensics company
- The public relations guys
3. Another invaluable list that needs to come together addresses the IT issues that surround a breach.
- What defines a “security incident”? Is an attempt treated the same as a successful attack?
- Where are we most vulnerable?
- Where have threats surfaced in the past?
- What equipment/software/programming is most likely to fail, resulting in a security incident?
4. Using the info gleaned from the above questions, prepare the following ahead of time:
- Who will make the call about disconnecting the internet? What’s the process for doing so?
- System information and configuration diagrams, including device descriptions, IP addresses, OS, backup programs/software, etc.
- Include all the “techy” jargon, but also a “layman’s” version, something as simplified as possible.
- “If this happens . . . then we do this” scenarios. This will allow a proactive approach to begin immediately. Include who does what, a detailed list of steps, and a specific yet realistic timeline.
- Pre-prepared emails and talking points can help communicate the issues clearly and concisely while helping to prevent potential negative press or other negative repercussions once the news breaks.
5. Then it’s time to TRAIN, PRACTICE, AND REPEAT.
Brandon Vasciannie advises, “Just like any other process, incident response plans require practice and training to be effective. Running simulated breaches and responses for various scenarios will allow your organization to fine-tune its incident response plan, improving readiness for when the real deal occurs.”
If your employees are in the dark about the IR program, merely having an incident response plan won’t be of much help. Only awareness and proper training will make that plan you sweated over actually be an asset in the event of a breach.
“Test the response plan through tabletop exercises,” suggests David Ellis. “These exercises familiarize your employees with their particular roles in a data breach by testing your response plan through a potential hacking scenario.”
It’s okay to sincerely hope you never have to put the IR plan into action. It’s not okay to convince yourself you’re protected “enough” that a plan of action is unnecessary.