- Introduction outlining the purpose and scope of the plan
- A list of security incident response team members and full contact information mentioned above
- A list of the types of incidents that will cause you to invoke the plan mentioned above
- Technologies and operations in place to detect incidents
- Specific steps for containing incidents
- Procedures for investigating what happened. (Don't overlook the value of a formal cybercrime investigation if it appears to be serious enough; otherwise, you can end up overlooking things or ruining evidence.)
- High-level steps for eliminating the threats and associated vulnerabilities (ideally one set of steps for each type of incident)
- Specific steps for following up to ensure the threats and vulnerabilities are gone (such as virus scanning, port scanning, vulnerability testing and network analysis)
- Procedures for communicating with external parties such as customers, business partners and the media (this may be one of the first things your organization is required to do!)
- Requirements for retaining records related to security breaches
In the end, make sure your plan addresses these six major areas:
- Who does what?
- What must be done?
- When must it be done?
- Where must it be done?
- How must it be done?
- What's done when all is said and done?
Plan for a security breach, step by step
- Step 1: Define what "breach" means to your business
- Step 2: Don't overlook critical network infrastructure systems
- Step 3: Know who to contact and have that information available
- Step 4: Develop a simple, methodical set of response steps
- Step 5: Get input from others affected by a security breach
- Step 6: Keep your momentum going
About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at firstname.lastname@example.org.