Ten Steps to Planning an Effective Cyber-Incident Response

Here are 10 principles to guide companies in creating — and implementing — incident-response plans:

1. Assign an executive to take on responsibility for the plan and for integrating incident-response efforts across business units and geographies.
2. Develop a taxonomy of risks, threats, and potential failure modes. Refresh them continually on the basis of changes in the threat environment.
3. Develop easily accessible quick-response guides for likely scenarios.
4. Establish processes for making major decisions, such as when to isolate compromised areas of the network.
5. Maintain relationships with key external stakeholders, such as law enforcement.
6. Maintain service-level agreements and relationships with external breach-remediation providers and experts.
7. Ensure that documentation of response plans is available to the entire organization and is routinely refreshed.
8. Ensure that all staff members understand their roles and responsibilities in the event of a cyber incident.
9. Identify the individuals who are critical to incident response and ensure redundancy.
10. Train, practice, and run simulated breaches to develop response “muscle memory.” The best-prepared organizations routinely conduct war games to stress-test their plans, increasing managers’ awareness and fine-tuning their response capabilities.

An effective incident response plan ultimately relies on executive sponsorship. Given the impact of recent breaches, we expect incident response to move higher on the executive agenda. Putting the development of a robust plan on the fast track is imperative for companies. When a successful cyber attack occurs and the scale and impact of the breach comes to light, the first question customers, shareholders, and regulators will ask is, “What did this institution do to prepare?”
(Tucker Bailey, 2013)

Tucker Bailey, J. B. (2013, July 1). Ten Steps to Planning an Effective Cyber-Incident Response. Retrieved September 17, 2014, from Harvard Business Review: http://blogs.hbr.org/2013/07/ten-steps-to-planning-an-effect/