Incident response

Reviewing incident response plans for data risk preparedness

Don’t let holes in your incident response plan review open gaping vulnerabilities in how you act on security events.

Incident response plan reviews are growing in importance with the rapidly increasing numbers and types of information security incidents that enterprises must face. The enterprise must approach these reviews with a view toward effective event response.

Yet more than one-quarter of IR professionals (26 percent) are dissatisfied with their current organization’s IR capabilities, calling them ineffective, according to a SANS Institute survey on the state of IR. After initial plan creation, the review is the opportunity to correct that ineffectiveness.

Where To Look For New Information Risks

The point of reviewing an incident response (IR) plan is to ensure that it still addresses the real risks that an enterprise faces. In order to update an IR plan to include new risks, an organization must have ample resources that provide an awareness of at least the moderate to high risks. These are the risks that are most likely to result in damage.

Some of the best resources are records of recent events involving data breaches, and, according to M. Scott Koller, counsel at BakerHostetler, the use of tabletop exercises. Tabletop exercises can show an enterprise how it is not prepared.

[ MORE IN THIS SERIES: Why you need more than daily practice to be good at incident response | How to review and test backup procedures to ensure data restoration ]

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!