With all of the cyber attacks and breaches in the news, organizations are realizing the importance of an Incident Response (IR) program. In a nutshell, Incident Response is an organized approach to managing a security breach or cyber attack to limit damage as much as possible. But what do you need to consider when setting up your IR program?
First, you need to confirm what you already have in place, such as intrusion detection/network monitoring solutions to make you aware of a breach as quickly as possible, data flow mapping to know what may have been affected, and a disaster recovery procedure in case data is corrupted and you need to restore from a copy.
Next, think about an actual breach. Who will need to be notified (Legal, PR firm, executive team, outside vendors)? It is important to have a process in place to plan responsibilities and put together contact information ahead of time so you don’t lose valuable time during an actual incident. Do you have people on this team who have the knowledge and experience to gather information and evidence properly and in the correct order? If not, you will want to contract with an outside party so these resources are in place when needed, rather than trying to find a resource, do due diligence to vet them, set up an account, and work through scheduling while you are in a compromised state.
Although a cyber incident is never pleasant, the stress can be greatly reduced by proper planning.