10 steps for a successful incident response plan

Incident response plans are often left unused, leaving firms far less able to detect and respond to cyber attacks or data breaches. Here’s our 10-point process to ensure you set up -- or improve -- an IR plan that actually works.

Incident response (IR) plans are designed to test your company’s ability to respond to a security incident. The ultimate goal is to handle the situation so that it limits the damage to the business while reducing recovery time and costs.

Sadly, most IR plans fail to deliver on this promise. Among companies that have one -- and according to one recent survey, one in three organizations don’t -- the plans are bare-bones, poorly set out and rarely involve any lines of business (LOB) other than the InfoSec and IT teams. Many are rarely tested and reviewed, and are thus not fit for purpose when an incident strikes.

1. Address business issues and assign roles

As evidenced above, too few firms have an IR plan. For those that do, even the best-laid plans can lack critical information or not include the right people.

Indeed, consultancy firm McKinsey advises that IR documentation is often “out of date” and “generic” and “not useful for guiding specific activities during a crisis.” This means you need to start with the basics: implementing a plan, mapping out the right structure and laying out employee roles.

To start, McKinsey advises that early in the development process, companies should involve the people who will own and maintain the IR documentation. This will help the program transition from a special IR initiative to business-as-usual (BAU) practices. It is also important to develop other key components, like an incident taxonomy (to help with attack identification and remediation) and data-classification frameworks.

Critically, these plans must reflect a true understanding of the business and outline the roles certain employees will play. Some suggest that having one executive bear responsibility for implementing the plan across business units and geographies is key, too.
