Keep your momentum going

Do you have a solid plan in place for if and when you experience a security breach? Does that plan include important contact information, and have you and your co-workers walked through the plan together? This step-by-step guide will help you to set an action plan in place.

Computer security textbooks recommend testing your incident response plan. It's a good idea on paper and does serve as a good way of validating that your plan is a good one. It's just not very practical in the real world. You may not be able to simulate an all-out breach, but do take a day or two every year for a sanity check by getting together with your colleagues and walking through things to see how everything would actually play out.

Once that inevitable breach does occur, turn the negative situation into a positive learning experience and rework your incident response plan. It'll undoubtedly need a refresh. Remove what wasn't needed, update what didn't work and add what you forgot about. An incident response plan, like your resume, is constantly changing and is an evolving work of art. Put extra effort toward updating and maintaining the former so you can better react to security breaches and not have to worry about working on the latter afterwards!

Plan for a security breach, step by step

  Step 1: Define what "breach" means to your business
  Step 2: Don't overlook critical network infrastructure systems
  Step 3: Know who to contact and have that information available
  Step 4: Develop a simple yet methodical set of response steps
  Step 5: Get input from others affected by a security breach
  Step 6: Keep your momentum going

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at [email protected]>.

Read more on IT risk management