Incident Response Plan: How Are You Protecting Your Organization?

By: Esther Shein

Cyberattacks are on the rise, yet many enterprises are still without a comprehensive incident response plan. On top of that, many organizations don’t plan out how to maintain business continuity in the event of an outage.

Regardless of industry, if your enterprise has data it can’t afford to lose, it’s time to put an incident response plan in place that covers how business systems will stay secure, how the company will respond to a breach and how it will continue to operate after a system failure.

Follow Through on System Updates

Many organizations think they are immune to cyberattacks and outages, and as such, they do not put the needed time and effort into their response plans. Policies that ensure software upgrades and security patches are done on an as-needed basis are an essential yet often overlooked part of any business continuity plan.

IT manager J.F. Rice recently explained in Computerworld that after years of effort within his department, he finally ensured security patches were being applied to systems on a regular basis. However, he ran into an unexpected glitch: Windows computers have to be rebooted for the patch installations to take effect, which requires a system to be out of service for a few minutes. So, while a system administrator had applied the patches, one of the business units wouldn’t allow their application to be down — even overnight — since it was running processes that would be affected by stopping the work.

This is the type of problem that organizations don’t consider but that can seriously affect business continuity.

Elements of an Incident Response Plan

Data backup is another essential piece of an incident response plan, but backup alone won’t suffice. Organizations need to develop a comprehensive incident response plan that defines their most critical information assets, as well as how to protect and recover data in the event of a disruption.

This is what Canada-based manufacturer Dupray did — it created an incident response plan after hiring an engineer who “thought it was interesting how we did not have one in place,” said Anthony Jullien, IT director at Dupray.

Dupray’s plan was divided into two specific sections: physical incidents and cyberincidents. It detailed contingencies for physical incidents, such as theft, fire, hardware malfunctions and breakdowns, and included a contingency plan for corporate espionage. Cyberincidents, on the other hand, were associated with unauthorized access, such as brute-force entries, account breaches and key loggers.

“Most of the incident report legwork has to do with defining which data has been impacted or stolen,” Jullien noted.

Dupray’s incident report process is broken down into the four following steps:

  1. Lockdown: Take a step back, revoke user access and stop any problems or issues from developing further.
  2. Assessment: Analyze what happened, and find the breach or issue.
  3. Adjustments: Solve the breach, and get back the data.
  4. New Processes: IT reissues access and creates new procedures or rules that will ensure the problem doesn’t happen again.

In addition to internal actions, external coordination with the appropriate third parties is also crucial. This could mean notifying law enforcement agencies or involving digital forensics experts. It is also important to ensure that service agreements, such as with a cyberincident remediation firm, stay current.

“Having a plan is important for the simple fact that you cannot leave your data or technology to luck,” Jullien said. “You can’t expect your company to get lucky with these things. Luck runs out. If you’re caught with your pants down, you are in trouble.”

About The Author

Esther Shein

Freelance Writer

Esther Shein is a freelance writer and editor specializing in technology, business and education. Her work has appeared in several online and print publications, including Inc., Computerworld, NetworkComputing, InformationWeek, BYTE, CIO, CMO.com and The Boston Globe. She has written thought leadership whitepapers, customer case studies and marketing materials in addition to news and feature articles. Prior to going freelance she was the editor-in-chief of Datamation, an online enterprise technology magazine. She was also a senior writer at eWeek (formerly PC Week) and worked at The Associated Press.
