6 steps for building a robust incident response plan

While a lot of energy is put into avoiding security breaches, preventing them is not always possible. A solid incident response plan can restrict damage, reduce recovery time and limit the associated costs.

Most InfoSec professionals are firmly focused on prevention. We build systems and adopt tools to help safeguard against phishing attacks and ransomware and all the other myriad threats that businesses face on a daily basis. But what we often end up with is a mish-mash of different technologies that have not been integrated or configured properly.

The potential cost of a data breach drives rapid adoption of new software, but the frenzied firefighting approach prevents us from stepping back and taking in the big picture. Before we can fully leverage the systems at our disposal, we must accept that incidents will occur and build a clear incident response plan that can be relied upon to guide us out of danger.

What is incident response?

Incident response is simply how an organization responds to a data breach or cyberattack. The aim is to limit potential damage and ensure a swift resumption of normal operations.

While the global average cost of a data breach is $3.86 million and it takes 69 days on average to contain a data breach, according to the Ponemon Institute, companies that were able to respond quickly and contain a breach in less than 30 days saved more than $1 million. Clearly, a proper incident response plan makes a lot of business sense. Exercises throughout the year help train your muscle memory to work through the breach and response.

6 steps for creating your incident response plan

An incident response plan can provide a solid foundation for your future security efforts. Here's how to get started.
