Listen to: "IT Incident Response Plan: Key Steps to Implement"

Nearly all organizations need an incident response plan. Security incidents are inevitable. The time to think about responding to an incident is NOT during the incident. Incidents are stressful and often chaotic, especially when you have no plan.

A formally documented incident response plan helps organizations identify, contain, and remediate security incidents.

Key Components of Incident Response Planning

  • Detection capabilities
  • Incident Response Team
  • Create a Run Book
  • Breach Identification and Classification
  • Breach Containment
  • Remediation
  • Evidence Preservation / Incident Documentation
  • Lessons Learned
  • Training

Detection Capabilities

Without adequate detective capabilities, your organization may learn of a breach from law enforcement or even worse – your customers. Organizations must have adequate system logging and intrusion detection systems or they will be essentially flying blind.

Incident Response Team

Create an incident response team with defined roles and responsibilities for responding to a potential security incident. The team must have the technical skills to research potential incidents and take action.

Create a Run Book

Document steps to take for as many potential incident scenarios as you can think of. There will not be time to think through the appropriate response during the incident.

Breach Identification and Classification

The plan must define criteria for identifying and classifying a breach. Breaches will trigger notification based on the classification of the incident. Notification may include an internal escalation team and, depending upon the severity of the incident, potentially law enforcement and customers.

Breach Containment

Breaches should be contained as soon as possible to limit the impact of the breach in terms of the number of systems affected and the amount of data lost or exfiltrated out of the organization.

Remediation

Once a breach has been contained and assessed, the cause of the breach must be remediated to ensure the issues causing the breach no longer represent an exposure.

Evidence Preservation / Incident Documentation

The incident response plan should include provisions for maintaining evidence of the breach so that evidence can be later provided to law enforcement or in legal proceedings. Steps taken during a security incident should always be formally documented.

Lessons Learned

Incident response plans should include requirements to conduct a formal ‘lessons learned’ session or incident post mortem. The lessons learned must then be incorporated into future iterations of the plan.

Training

Once created, incident response teams should be provided training on the details of the plan. Mock security breaches and drills will help to comprehensively evaluate how your employees put the incident response plan into action. This gives management the opportunity to note the strengths and weaknesses of the plan while making goals for remediation and improvement.


How I.S. Partners can help

If your organization would like assistance with incident response planning, would like an assessment of your current response plan, or would like I.S. Partners to help facilitate mock incidents for your organization, call us today at 215-675-1400 to start the conversation.
