Anatomy of a Cyber Incident Response Plan
It seems like a daily occurrence that some national company announces a breach of their network systems. As more and more cyber breaches occur, it’s becoming critical that businesses have an incident response plan (IRP) ready before a breach, but what should go into a good IRP?
Before we get into the anatomy, let’s understand the objective of the IRP. This document should outline the steps to take if a data breach is suspected or occurs. A living document, which should be continuously updated as the business changes, an IRP outlines who and how the company will respond to a breach. An IRP should be clear, succinct and organized in sections, while containing the appropriate details for response: who, what, when and how to respond to various situations. More specifically, there are four key elements every IRP needs:
- Incident Response Team
This should outline the roles and responsibilities of team members, should list both internal and external team members, their contact information, specific role and notification level.
- Incident Triage Notification
This should contain the various trigger notifications of response team, insurance carrier, law enforcement, outside forensic investigation, crisis and media management.
- Breach Response
Includes detail response procedures such as timing, affected individuals, and government notification. It should also address issuing a press release, internal communications, what is posted on website, and accompanying remedies such as credit monitoring and identity theft resolution.
- Mitigation & Remediation
Covers investigation outcomes to correct vulnerabilities that harden the system from further breaches and review and improve the incident response team.
Having a detailed and tested IRP in place prior to a breach will save you time, money and reputational damage if the unthinkable happens. For more information, check our free Assurance University webinar replay titled "Data Security Breaches: Protect Yourself from Claims and Fines" or contact us today.
- Data Security Breaches Webinar Recording
- Don't be Next: Data Breach Affects 4.5M Healthcare Patients
- 5 Questions Risk Managers Should Ask About Cyber Risk
- Cyber Liability E-Book
ABOUT THE AUTHOR