PCI DSS 4.0 - Are You Ready? Get a Discount on a Readiness Assessment

Nearly all organizations need an incident response plan. Security incidents are inevitable. The time to think about responding to an incident is NOT during the incident. Incidents are stressful, often chaotic (especially when you have no plan).

A formally documented, incident response plan helps organizations identify, contain, and remediate security incidents.

Key Components of Incident Response Planning

  • Detection capabilities
  • Incident Response Team
  • Create a Run Book
  • Breach Identification and Classification
  • Breach Containment
  • Remediation
  • Evidence Preservation / Incident Documentation
  • Lessons Learned
  • Training

Detection Capabilities

Without adequate detective capabilities, your organization may learn of a breach from law enforcement or even worse – your customers. Organizations must have adequate system logging and intrusion detection systems or they will be essentially flying blind.

Incident Response Team

Create an incident response team with defined roles and responsibilities for responding to a potential security incident. The team must have the technical skills to research potential incidents and take action.

Create a Run Book

Document steps to take for as many potential incident scenarios as you can think of. There will not be time to think through the appropriate response during the incident.

Breach Identification and Classification

The plan must define criteria for identifying and classifying a breach. Breaches will trigger notification based on the classification of the incident. Notification may include an escalation team internally, and potentially may include law enforcement, and customers depending upon the severity of the incident.

Breach Containment

Breaches should be contained as soon as possible to limit the impact of the breach in terms of numbers systems affected and the amount of data lost/exfiltrated out of the organization.

Remediation

Once a breach has been contained and assessed, the cause of the breach must be remediated to ensure the issues causing the breach no longer represent and exposure.

Evidence Preservation / Incident Documentation

Incident response plan should include provisions for maintaining evidence of the breach so that evidence can be later provided to law enforcement or in legal proceedings. Steps taken during a security incident should always be formally documented.

Lessons Learned

Incident response plans should include requirements to conduct a formal ‘lessons learned’ session or incident post mortem. The lessons learned must then be incorporated into future iterations of the plan.

Training

Once created, incident response teams should be provided training on the details of the plan. Mock security breaches and drills will help to comprehensively evaluate how your employees put the incident response plan into action. This gives management the opportunity to note the strengths and weaknesses of the plan while making goals for remediation and improvement.

Related article: read about PCI DSS 4.0 Is Expected to Change in 2020.

How I.S. Partners can help

If your organization would like assistance with incident response planning, would like an assessment of your current response plan, or would like I.S. Partners to help facilitate mock incidents for your organization. Call us today at 215-675-1400 to start the conversation.

Get a Quote Try our Compliance Checker

About The Author

Anthony Jones, I.S. Partners
Anthony has over 20 years of experience and has worked with a variety of industries, including Health Care Insurance, Banking and Financial Services, Information and Analytics, Telecom, and Utilities. Anthony has extensive knowledge in IT Security consulting; he is also a Certified Information Systems Auditor (CISA), and Project Management Professional (PMP) designation holder with expert ability to accurately determine needs, understand risk tolerances, offer alternatives to current situations, develop action plans and cultivate longstanding client relationships. Anthony’s area of expertise consists of MAR, HIPAA and Sarbanes Oxley Compliance, IT Security and Privacy Management, Enterprise Risk Management (ERM), Health Care Insurance Banking and Financial Services, Manufacturing and Utilities. Prior to joining IS Partners, LLC Anthony spent 12 years with PWC as a Senior Manager in Business Risk Solution (BRS) Practice advising Fortune 100 financial services, manufacturing, Insurance and utility companies. Anthony graduated Saint Joseph’s University. Anthony received his MBA from SJU Haub School of Business.
Anthony Jones frequently blogs for I.S. Partners, LLC.

Related Content

Gain Deeper Insights

get started

Get a Customized Quote

Please fill out the form below to schedule a free 30 minute consultation. This consultation will allow us to create a customized plan and an accurate, no-obligation quote.

Want to speak to us now? Call us at (866) 335-6235 or start a live chat!

Great companies think alike.

Join hundreds of other companies that trust .S. Partners for their compliance, attestation and security needs.

GET A QUOTE
GET A QUOTE
Scroll to Top