05 Sep

9 Parts of an Effective Cyber Incident Response Plan
Your organization’s response to a cyber incident should be guided by a plan that limits damage, reduces data recovery time and costs, and increases stakeholder confidence.
This response plan should be accessible to key decision makers in your organization and should provide specific steps that guide an employee through what to do in case of an incident. The plan should, at a minimum, be reviewed annually by an IT support company like Focused Technologies.
- Assign an executive to take on responsibility for the plan and for integrating incident-response efforts across business units and geographies.
- Develop a systematic chart of risks, threats, and potential failure points, each with an appropriate response and a rating of how it could impact your organization. Refresh it regularly based on changes in the threat environment.
- Develop easily accessible quick-response guides for likely scenarios and hold your staff accountable for knowing what to do in the event of an incident.
- Establish processes for making major decisions, such as when to isolate compromised areas of your network. (This may involve taking certain systems offline, so you have to weigh the cost of the risk against the cost of downtime.)
- Maintain relationships with key external stakeholders, such as law enforcement. Contact your local police department and FBI office to find out who you should contact in the event of an incident.
- Maintain service-level agreements and relationships with external breach-remediation providers and experts.
- Ensure that all staff members understand their roles and responsibilities in the event of a cyber incident.
- Identify the individuals who are critical to incident response and ensure redundancy.
- Train, practice, and run simulated breaches to develop response “muscle memory.” The best-prepared organizations routinely stress-test their plans, increasing employee awareness and fine-tuning their response.