This blog is the first of a 6-part series of blogs.
The biggest fear of any organization that creates, maintains, or transmits data, is a data breach. Now that we are full swing into the Information Age, at times it feels as if data breaches have almost become a weekly thing. Organizations like Target, the Department of State, the Office of Personnel Management (OPM), the Veterans Affairs, Twitter, and more have been on the receiving end of data breaches. Arguments can be made on either side regarding the methodology of how each organization responded to a data breach incident. Since then, there are now several solutions out there to minimize or even transfer the risk in an effort to mitigate a data breach. Regardless of what the organization chooses, one thing every organization needs is an Incident Response plan.
An Incident Response (IR) Plan is defined as a set of instructions to detect, respond, and recover from an information system or security incident. Every organization should have a documented plan or policy that:
- Defines an Incident
- Identifies the Purpose
- Identifies the Scope
- Defines the Roles & Responsibilities
- Identifies Management Commitment
- Defines Coordination among internal entities
- Defines Compliance
- Provides Procedures to facilitate the implementation of incident response policy, and;
- Identifies timeline for Review and Updates of the policy
IR policy plans can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. IR Plans are living documents and should be reviewed at a minimum of annually or when a major contributor to the plan has departed the organization.
Should your organization need support developing an IR plan, or want an external assessment of your Cybersecurity/IT security posture, contact us. We are here to help!