A security incident can be a costly experience for any organization, not just in lost revenue or profit, but also in the soft costs that may take time to identify. The fallout from not having an Incident Response Plan in place can make it even worse.

Incident response plans are important because they help guide your actions in the event of a security breach or other serious issue. Successful Incident Response Plans are built on many different considerations, including how you will respond to an incident and what resources you have available. Developing a plan is critical for every business that wants to protect its assets and reputation – don’t take chances with yours!


The Plan

The Incident Response Plan needs to be clear, concise, and well-defined. It should include the workflow, the communication plan, and the containment and eradication procedures.

The Incident Response team should consist of personnel from all the different departments in the organization, along with third-party providers, each with a specific role assigned for an incident or breach. Everyone must know their role, because it can mean the difference between a successful Incident Response and an unsuccessful one.


Regular Testing

It is equally important that the Incident Response team be trained regularly to ensure they are up to date on all of their responsibilities. Each member needs to understand the tools available for use during incidents and the company policies governing incident response.

Defining what it means to report an incident also helps protect everyone involved in responding to one. When a security researcher or third party discloses what they found, how it was disclosed and how your organization responds will affect their professional standing and your company's reputation as well.

A successful Incident Response Plan is created with all of these considerations in mind, and everyone is qualified to perform their assigned tasks during an incident.

What Needs to be in the Plan

These are the elements you need to include in your Incident Response Plan:

  • Incident Management Process
  • Containment Strategy & Metrics
  • Incident Response Workflow
  • Communication Plan
  • Eradication Process

After the security incident is resolved, be sure to hold a post-incident review that captures lessons learned and produces an updated version of your documentation.