The impact and subsequent fallout from a business-impacting cyber security attack are stressful at the best of times. Experience shows time and again that organizations without the benefit of an Incident Response ('IR') Plan / Guide / Policy are hit the hardest during and after an attack. They find out the hard way how devastating it can be to the company brand, budget, and customer loyalty to be caught unprepared.
Properly preparing your organization for even a minimal response to a cyber attack can reduce the financial impact (which is still largely unknown).
Whether it faces the low business-impact cybersecurity incidents that occur on a regular basis or the ever-feared larger, name-in-the-paper type, the business needs to know how to properly identify, assess, and mitigate those risks.
Based on my years of Incident Response, Forensics, and vCISO experience, and in building an MSSP, I have outlined the following business essentials for getting your incident response plan right!
See Top 10 things you need in your incident response plan
- Set an SLA or SLE for the responses you want in and out of this function, especially as it aligns with the rest of the business functions.
In order to hold the business accountable for a reasonable response, you must determine a proper timeline for response.
I recommend that you not provide legal guidance around the declaration of breach response SLA.
- Understand that there is a difference between Incident Response plans designed for operational, management, and strategic use.
- The goal of the plan is not to make something net new but to capture the existing processes and expand and formalize them. If you create something that is ‘net new’, without a lot of additional T&E, it will fail.
- Whatever you build, get it approved (signature on paper) by the C-Suite team.