Develop a simple yet methodical set of response steps

Do you have a solid plan in place for if and when you experience a security breach? Does that plan include important contact information, and have you and your co-workers walked through the plan together? This step-by-step guide will help you to set an action plan in place.

Entire books can and have been written on incident response methodologies. I'll take the pain and agony out of all that information and condense it into the components your response plan should contain:

  • Introduction outlining the purpose and scope of the plan
  • A list of security incident response team members with their full contact information (the information gathered in Step 3 of this series)
  • A list of the types of incidents that will cause you to invoke the plan (the definition of "breach" arrived at in Step 1 of this series)
  • Technologies and operations in place to detect incidents
  • Specific steps for containing incidents
  • Procedures for investigating what happened. (Don't overlook the value of a formal cybercrime investigation if it appears to be serious enough; otherwise, you can end up overlooking things or ruining evidence.)
  • High-level steps for eliminating the threats and associated vulnerabilities (ideally one set of steps for each type of incident)
  • Specific steps for following up to ensure the threats and vulnerabilities are gone (such as virus scanning, port scanning, vulnerability testing and network analysis)
  • Procedures for communicating with external parties such as customers, business partners and the media (this may be one of the first things your organization is required to do!)
  • Requirements for retaining records related to security breaches

In the end, make sure your plan addresses these six major areas:

  1. Who does what?
  2. What must be done?
  3. When must it be done?
  4. Where must it be done?
  5. How must it be done?
  6. What's done when all is said and done?

Plan for a security breach, step by step

  Step 1: Define what "breach" means to your business
  Step 2: Don't overlook critical network infrastructure systems
  Step 3: Know who to contact and have that information available
  Step 4: Develop a simple, methodical set of response steps
  Step 5: Get input from others affected by a security breach
  Step 6: Keep your momentum going

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at [email protected].