Incident Response Readiness – Is your organization ready for a breach? Have you ever undergone a breach? Is there a breach going on right now? Or, ahem… have you undergone a breach and were not even aware that it occurred? Yikes…
Let’s just get it on the table. You’re likely going to be breached. It’s best to have a plan in place. It’s called an Incident Response Readiness Plan. You probably have a Disaster Recovery Plan and Business Continuity Plan already. We’re better prepared for natural disasters and acts of terror than we are for Information Security Incidents. Well, an incident can just as easily take your business off-line or wipe it out financially, as easily as a natural disaster.
Here are some components of what goes into Incident Response Readiness:
Assess your technology.
- What do you have in place for logging and monitoring?
- What are your network forensic capabilities?
- Do you have advanced malware threat detection in place?
- Have you reviewed your security architecture or done a controls review or vulnerability assessment? Do you know where the holes are? The hackers do. (And, by the way, some of the biggest potential vulnerabilities are in the un-trained, security knowledge-lacking user community.)
Review your contractual requirements.
- Have you identified your contractual requirements?
- Do you know what the breach notification requirements are?
- Do you have requirements identification SLAs in place for 3rd Party Response?
Put together your plan. Here are some of the key phases of what happens during an incident:
- Identification of the incident
- Containment of the incident
- Eradication/Investigation of the incident
- Recovery from the incident
- Report and Follow Up
All the way along these phases, there are important steps to take, things to NOT do, different departments to get involved, and communication to appropriate management/legal/HR. Depending on the extent of the incident, outside notifications to affected parties may be required depending on your regulatory requirements.
Train your people.
- Do you have a CIRT? (Computer Incident Response Team)
- Get First Responder Training
- Who’s in charge? You’ll need a point person to direct traffic
- What’s your communication plan?
Practice your plan. Test it. Do some fire drills.
You’ll sleep better at night. 🙂
Sr. Account Executive