Security Think Tank: Planning key to incident response

Opinion

Much has been published about incident response: there is a comprehensive document produced by the US National Institute of Standards and Technology and several thousand books have been published on the subject.  

We at (ISC)2 cover incident response in our CISSP Common Body of Knowledge and divide it into three major components: creation of a response capability; incident handling and response; and recovery and feedback. There may also be a forensics piece to incident response and management, which will of course place certain restrictions and requirements on the plan.

However, as Dwight Eisenhower once said: “plans are nothing, planning is everything”. No incident will follow the crafted plan – but by creating a plan, the incident response team will think through what can happen, discuss the options they may take and the decisions they have to make. 

Organisations that have incident response as part of their cyber insurance policy will still need to plan how to integrate the various specialists and suppliers who are provided as part of the policy.

A good plan will, of course, not just have an IT and security focus. Other parts of the business – such as legal, HR and PR – should be involved. Plans should be made for communicating with the media, regulators and customers if a breach occurs, using all forms of media, and individuals should be assigned the responsibility to communicate.

Various scenarios – examples include being ‘doorstepped’ by a reporter, reacting to a tweet stating a breach has occurred, or reacting to a published ransom demand – should be planned and rehearsed, so the organisation can quickly state its message and the facts to all concerned.

Finally, a good plan will be rehearsed many times. It will not be left on the shelf but will be a living document, used and updated and enhanced regularly.

Adrian Davis is managing director EMEA for (ISC)2

This was first published in June 2014

 
