5 Key Steps to Include in Your Incident Response Plan – Solutions Review

Incident Response Plan
As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Max Henderson of Pondurance breaks down the key steps every SOC team should follow when building an incident response plan.
Sad but true: thousands of organizations across just about every industry suffer data breaches every year. The 2022 Verizon Data Breach Investigations Report analyzed 23,896 incidents, 5,212 of which were confirmed data breaches, so the odds of never being breached are slim. But knowledge is power: accepting that you are likely to be breached, and preparing for it, puts the odds of a smooth recovery in your favor.
To be prepared for a cyber-attack means having an incident response (IR) plan, which the NIST Computer Security Resource Center defines as “The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack against an organization’s information system(s).” Creating, testing, and maintaining an IR plan is the best way to ensure a breach does not bring your organization to its knees, or put it out of business altogether.

Whether creating an incident response plan for the first time, or looking to refresh an existing plan, there are several critical things to think through.
Ultimately, an IR plan revolves around the lifecycle of a cyber-attack. Every good plan should include these five key steps.

1. Prepare. Collect key information, assemble your key stakeholders, assign roles and responsibilities, and document the process in a formal cybersecurity policy.
Preparing involves identifying the following:

2. Detect. When every minute counts, it is essential to have a strong security team and the security tools to monitor for and detect malicious activity across your network, endpoints, logs, and cloud on a 24/7 basis.
This step involves:

3. Respond and contain. Responding to a security incident can take many forms, such as triaging alerts and containing the threat by isolating or shutting down infected systems to prevent further spread across your network. In addition, using your SOC to actively hunt for threats is critical for locating malicious files, backdoors, and other footholds that can lead to a security incident.
This part of putting the plan into action involves:

4. Communicate. It is all hands on deck when communicating the incident externally and to other internal departments.

5. Review and report. Review and report on what happened, what the root cause was, and what could be improved in the IR plan to reduce response time and the likelihood of another incident.
During this phase of an incident:
It’s a lot, but your organization will be far more secure and resilient with an IR plan in place. The other good news is that a regularly tested IR plan can produce significant cost savings. IBM’s 2022 Cost of a Data Breach Report found that “businesses with an IR team that tested its IR plan saw an average of USD 2.66 million lower breach costs than organizations without an IR team and that doesn’t test an IR plan.”
You don’t have to go it alone. If you don’t have the in-house expertise to drive the creation and regular testing of an incident response plan, there are IR service providers that can supply the planning, training, response skills, and guidance required to prepare for and get your organization through a breach. Working with an IR service provider is especially helpful when the cyber-attack is launched at 3:00 am on a weekend or holiday. Regardless, have a plan, keep it updated, and stay safe.