Odds favor your organization’s assets will be hacked. Bet on it. Develop an effective plan to mitigate the impact of loss from a security breach.
Don’t delay, get started by evaluating your organization’s security polices. Identify personnel that have access to sensitive data, then expand your assessment externally to vendors and networks that potentially pose a security risk to your assets. The primary objective of an incident-response (IR) plan is to manage a cybersecurity event or breach in a way that limits damage, increases the confidence of external stakeholders, and reduces recovery time and costs.
Any good defensible breach response plan has thoroughly assessed and identified levels of potential risk and the nature of the assets (reputational, intellectual, public records, etc.). No plan is perfect, it must be reviewed continually to ensure security authorization and access protocols are adhered.
Staff MUST understand that profitability and security are critical for continued success.
An effective IR plan is based on a framework designed:
- To identify risk;
- Assign authorizations and teams specific to the type and level of risk;
- and ensure options account for any escalation that may heighten the severity and exposure of the risk to the entire business.
Develop an (IR) Plan from the Inside – Out
- Effective planning must successfully integrate all business functions ensuring that all business operations are agile and can respond quickly and decisively during an incident.
- Externally, keep in contact with important agencies within law-enforcement, breach-remediation and forensics.
- Establish clear roles and responsibilities across the organization.
- Strong response plans ensure that minor events do not escalate into major incidents.
Operate under the assumption that your network(s) will be compromised – develop policies to minimize the damage.
SOURCE
Radack, S.M. (September 27, 2012). Revised Guide Helps Organizations Handle Security-Related Incidents. National Institute of Standards and Technology.
