
What is An Incident Response?

There will likely come a time when your organization has to deal with an unforeseen security breach or another sort of attack. These incidents are truly unnerving and can leave even the most together organization in shambles. To avoid costly downtime, start building an incident response plan as soon as possible.

To make creating this plan a success, we’ve compiled the most important information regarding incident response policies in this handy blog post.

Defining an Incident

An incident is another way to describe a security attack or breach. Incident responses allow for a methodical way to deal with what comes after a security attack or breach. They provide organizations with an approach to reduce the negative effects of the incident, reducing the risk of downtime and extensive expenses. All incident responses should include the definition of an incident along with examples and a process to follow after an incident has been detected.

Incident Response Plans and the 4 Main Phases

Incident response plans are typically designed to deal with security lapses, firewall breaches, data breaches, the outbreak of viruses, service attacks, and other threats. It is critical to begin such a plan with detection of the incident. If the incident cannot be detected quickly, the organization is at a greater risk for damage. Whatever the incident may be, it should be contained and dealt with as quickly as possible.

Thus, detection is the first phase of the response plan. During this phase, the initial assessment begins, all incidents are detected, priorities are set, and security measures are escalated. Next, in the analysis phase, the response activities must be detailed and prioritized. This phase is where recovery truly begins as you preserve evidence and seek to isolate the incident.

During the recovery phase, containment continues to be a priority as the incident is wiped out as much as possible. You may find yourself moving between the first, second, and third phases quickly and frequently to mitigate the effects of the incident. Doing so will allow you to detect and repair any previously unidentified damage.

Finally, in the post-incident phase, the steps taken and their results are compiled in a formal report. It is important to determine the cause of the incident and highlight ways to avoid another similar scenario. Be sure to document any expenses incurred as a result of the incident.

You may also see the phases of the incident response plan extended to 6 steps:

  1. Preparation. During this time, you prepare all parties involved to respond to a potential incident.
  2. Identification. This phase is the same as the aforementioned detection phase.
  3. Containment. During this phase, you will isolate any affected systems and attempt to reduce further damage.
  4. Eradication. Now it’s time to determine the cause of the incident and wipe it out from the environment.
  5. Recovery. Move to reestablishing any affected systems once the incident has been eradicated.
  6. Lessons learned. Take time to create the formal report and highlight ways to prevent another incident from happening again.

Keep all key players informed regarding the incident response plan. Be sure to determine who is responsible for implementing the plan and consider having alternate responsible parties as a means of backup. Practice rounds of the incident response plan can help you determine any areas that have been missed in your plan and improve its capabilities before disaster strikes.

How to Ensure Your Incident Response Plan is a Success

Creating an incident response plan is no easy matter, but it is certainly critical to the health and security of your organization. First, realize that your plan will be read and followed by people. It might sound obvious, but always write in an accessible way. During a stressful incident, no one has the time or patience to wade through piles of jargon-filled documents. Keep it short, sweet, and actionable above all else.

You may find it helpful to break your response down into three parts: a policy, a procedure, and guidelines. The policy should be easy to read and understandable to a non-IT employee. (Be sure to test just how readable it truly is!) Develop your procedures for whoever will be implementing the response plan. This step-by-step plan should be detailed enough so that it can be put into action right away. Finally, your guidelines will include various incident scenarios and best practices for your IT staff. This three-prong strategy is an excellent way to get and keep everyone on board!

To learn more about proper incident response planning and how to protect your organization, contact our team of risk management experts at Prudential Associates today!