Cybersecurity #4 – Creating a Knock-Out Incident Response Plan
If determining where to start when creating a knock-out incident response plan (IR) has you scratching your head, consider a generic incident handling procedure template from the Computer Security Incident Response Team. This baseline document will need to be tailored, of course, to meet your organization’s specific needs, but it can indeed serve as a springboard to get the IR team’s creative juices flowing. Consider these components of an effective plan: 1. Start with something easy—an emergency contact/communications list. Note the info for those who “need to know” ASAP in the case of a possible security loss or breach.• Incident response team
- Executive management team
- Legal team
- Forensics company
- The public relations guys
- What defines a “security incident”? Is an attempt treated the same as a successful attack?
- Where are we most vulnerable?
- Where have threats surfaced in the past?
- What equipment/software/programming is most likely to fail, resulting in a security incident?
- Who will make the call about disconnecting the internet? What’s the process for doing so?
- System information and configuration diagrams, including device descriptions, IP addresses, OS, backup programs/software, etc.
- Include all the “techy” jargon but also a “layman’s” version as well, something as simplified as possible.