Seven Key Components to Start Your Incident Response Plan

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Next Seven Key Components to Start Your Incident Response Plan-2 Next

Incident response essential practices

There are two parts to establishing essential security practices for incident response: (1) adherence to compliance and laws and (2) definition of standard operating procedures that clearly document the steps for each incident type. Compliance requirements drive policy and privacy, and the controls that must be implemented. Any gaps in controls could well lead to incidents.

Organizations must proactively understand these vulnerabilities and create response procedures that are documented and implemented, hopefully using tools that help codify these processes for consistency across all teams. These essential practices should be reviewed periodically, and updated based on experience from responding to incidents, availability of new controls (tools), or changes in the regulatory or legal landscape. Note that the essential practices must include containment, remediation and prevention strategies, as well as contingencies like escalation and brand repair.

Today, organizations are overwhelmed with the volume, variety and complexity of cyber attacks. They are equally overwhelmed with the variety and complexity of cyber security solutions, particularly the overlapping capabilities offered by vendors with a "me too" attitude. This is flagrantly evident with "incident response tools;" every vendor wants to be their customer's incident response solution.

The cybersecurity incident response cannot be a simple extension or an after-thought. It's a discipline that organizations have tried to hone in on since the first malware was discovered, and it requires a thoughtful, evolutionary and comprehensive approach commensurate with the changing cyber threat landscape. Any tool that purports to be an incident response tool must seamlessly integrate with an organization's incident response strategy, the core of which includes an incident response policy, plan, procedures and service levels. Collectively, this is called the incident response program.

Regardless of the size of an enterprise or its industry, organizations must create and implement an incident response program to effectively and confidently respond to the current and emerging cyber threats. More often than not, companies make simple mistakes in developing and implementing these programs largely because they are focused on the day-to-day, versus a comprehensive strategy to combat persistent cyber threats. Ken Silva, president of cyber strategy at ManTech Cyber Solutions, offers seven key elements required to establish a robust, evolutionary and durable incident response program that delivers results.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

142x105itbeusasecurity2.jpg 9 Predictions for Cybersecurity’s Role in Government and Politics in 2017

Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ...  More >>

Shadow IT Security How Risky Behaviors Hurt Shadow IT Security

Examine some of the concerns involving shadow IT security and some of the riskiest behaviors, applications and devices. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.