Seven Key Components to Start Your Incident Response Plan

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Next Seven Key Components to Start Your Incident Response Plan-6 Next

Establish a command center

Create a base for incident response operations — like a command center. This can simply be a conference room or the largest office space in the building. Having one room identified as the "command center" makes it easier for those involved in incident response to know where they need to be physically to put a plan in place. This way, stakeholders don't have to chase down a status update. Instead, have a go-to place (or portal) for comprehensive or role-based access for real-time situational awareness. Along with the command center, organizations also need to identify a leader that truly understands their organization's incident response program. Nominate one point of contact and make sure this person can reach everyone working on the incident, as well as those who need to be updated on the situation. Also, consider connecting the leader with the PR team if needed. If PR is necessary, the leader should be the only voice speaking to the general public and media. The legal team can deal with compliance issues on a case-by-case basis.

Today, organizations are overwhelmed with the volume, variety and complexity of cyber attacks. They are equally overwhelmed with the variety and complexity of cyber security solutions, particularly the overlapping capabilities offered by vendors with a "me too" attitude. This is flagrantly evident with "incident response tools;" every vendor wants to be their customer's incident response solution.

The cybersecurity incident response cannot be a simple extension or an after-thought. It's a discipline that organizations have tried to hone in on since the first malware was discovered, and it requires a thoughtful, evolutionary and comprehensive approach commensurate with the changing cyber threat landscape. Any tool that purports to be an incident response tool must seamlessly integrate with an organization's incident response strategy, the core of which includes an incident response policy, plan, procedures and service levels. Collectively, this is called the incident response program.

Regardless of the size of an enterprise or its industry, organizations must create and implement an incident response program to effectively and confidently respond to the current and emerging cyber threats. More often than not, companies make simple mistakes in developing and implementing these programs largely because they are focused on the day-to-day, versus a comprehensive strategy to combat persistent cyber threats. Ken Silva, president of cyber strategy at ManTech Cyber Solutions, offers seven key elements required to establish a robust, evolutionary and durable incident response program that delivers results.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.