Your organization’s cyber incident response plan (given you have one) is an important element of your overall cyber-resilience. When a breach is detected, having a well scripted plan is essential to a rapid, well thought out response that encompasses all the organizational elements necessary; board, PR, management, IT, accounting, HR, marketing and more.
It is a critical task to keep your incident response plan updated and ready to go; too often organizations put a significant effort into the creation of a plan only to let it degrade through non-attention. Some key elements of the plan review include:
- Threat Scenarios: The plan should be augmented with additional attack vectors that should be anticipated and planned for. There is a continuing stream of information in the news, through vendors, and industry associations that will pinpoint new areas of concern.
- New Partners: Your organization is likely adding and removing partners who will be involved in a cyber-breach response. Insuring that these partners are identified in the plan in terms of their role, contact information, service level and response agreements will avoid confusion in an actual incident.
- Internal People Information: Responsible people inside the organization will shift and change roles, so it is key to keep current information accurate. This is also important for vacations by critical personnel; identifying who has been designated responsible will help smooth a rapid response.
- Internal Systems Information: Systems are continually being updated and reconfigured, so it is important to keep an accurate overview as part of the response plan. This can include ways to keep individual systems operational, and critical backup/restoration information.
Making a continual effort to be ready and completely accurate at a moment’s notice will pay dividends in the event of an attack.