Alex Waintraub and special guest Ken Fishkin, Information Security and Privacy Evangelist, ISC2 Chapter President, InfraGard Advisory Board Member, and Senior Manager of Information Security – Lowenstein Sandler LLP, discuss the importance of having an Incident Response Plan and the dangers of not having one. Listen to the podcast here: https://safehouseinitiative.org/10-common-flaws-in-incident-response-plans-flaw-1-not-having-a-plan/
Preparation is key when it comes to incident response planning. No matter how well you think you’re prepared, the unexpected is bound to happen. Without a documented plan in place, your organization will be scrambling to respond to a crisis, which can lead to disastrous consequences. The first step in creating an effective incident response plan is to identify your organization’s biggest risks and prioritize them.
A crucial component of an incident response plan is clearly defining the roles and responsibilities of the key stakeholders involved. This typically includes the general counsel, external counsel, head of security, head of IT, head of finance, and potentially the head of marketing as well. It’s important to have these roles documented ahead of time, and to also consider what happens if a key team member is unavailable, such as the CIO going on vacation.
Another best practice is to create detailed checklists and playbooks for different incident scenarios. Rather than having one massive, unwieldy incident response plan, it’s better to have a main plan that outlines the overall process, and then separate playbooks for specific types of incidents, such as a ransomware attack or a denial of service attack. These playbooks ensure that the response team is following the right steps and not missing anything critical during the heat of a crisis.
Effective communication is essential during an incident response. The incident response plan should outline the communication structure and the order in which various stakeholders need to be notified. Regular tabletop exercises are also crucial for testing the plan and ensuring that the response team is familiar with their roles and responsibilities. These exercises help build the necessary “muscle memory” to respond effectively when a real incident occurs.
Organizations that don’t have an incident response plan in place can face significant legal and operational challenges. Without a plan, the information gathered during the incident response may not be considered privileged, which could lead to having to share it with law enforcement. Additionally, the lack of a defined process and communication structure can result in a chaotic and ineffective response, ultimately causing more damage to the organization.
Effective incident response planning is crucial for organizations of all sizes. By prioritizing risks, defining roles and responsibilities, developing checklists and playbooks, and regularly testing the plan, you can ensure that your organization is well-prepared to respond to a cyber incident and minimize the potential damage. Don’t wait for a crisis to happen – start building your incident response plan today.