Incident Response Process

Incident Response Planning

Not to be too negative, but a serious security incident is a question of WHEN and not IF in today’s digital world. Effective response plans mitigate the potential damage caused by a security incident.

What is an Incident Response Plan?

An incident response plan outlines how your organisation will respond to an incident. Effective Incident response plans enable organisations to continue operating in an efficient manner despite the possible disruption(s) associated with the breach or attack, reduce recovery timeframes and assist in safe-guarding your business.

SANS published their Incident Handler’s Handbook a number years ago, and remains the standard for incident response plans. With a 6-step framework, that assists organisation to build out the specific company plan.

These 6 steps focus on:

Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

Why Advanced preparation is crucial?

Advanced preparation is crucial, once an organisation is under attack, it is often too late for under-prepared staff and organisations to act in a timely and effective manner.

Consider these points when an incident occurs:

How would you determine what business process and assets are impacted?
There will be a flurry of questions, from internal stakeholders, customers, partners and potentially the media. How will these be answered and addressed?
What actions will be taken (or missed) during and after the incident? How do these actions impact current and future business functions and reputation?

How can Secure-ISS assist?

If you don’t have a response plan in place, or would like some assistance in reviewing or testing your existing framework, don’t hesitate to get in touch with one of our Cyber Security Consultants.