Are you prepared to take a comprehensive incident response approach?
Be ready to reinforce your incident response protocols.
It takes thoughtful planning to shore up defenses and lock down networks. Use this checklist to ensure your organization is prepared to invest in a well-rounded incident response plan.
Considerations for Implementing Effective Incident Response Capabilities
Do I understand my business risk? Have I identified the types of assets and information that need to be protected?
Do I have unpacked systems? Or a lack of network segmentation? Am I aware of the latest breaches and types of attacks? Defining the organization’s most valuable assets and understanding its vulnerabilities is imperative given how the threat landscape has evolved the past two years.
Have I secured an executive sponsor?
Be sure you have an executive sponsor from the start to help ensure stakeholder support and to ensure incident response initiatives have approval to move quickly. In addition to the executive sponsor, make sure you have representatives from all areas of the organization at the table — legal, PR, finance, etc. — so everyone is on the same page when your plan is implemented.
Has my organization developed a security strategy and communicated it effectively?
Security policies define the organization’s approach to ensuring the confidentiality, integrity and availability of systems and data, and need to be developed, communicated and enforced for all users. Ask yourself, do I have governance in place? Do I have centralized logging in place? Do I have established framework-based security controls? Have I done a hardware and software inventory to see my current environment to determine what policies are needed?
Do I have the right team assembled? Do they understand their responsibilities during an incident?
Define individual roles and responsibilities and establish a chain of command to be used during an incident. Identify staffing and expertise deficiencies and obtain third-party assistance where there are gaps. This extends beyond technical expertise to encompass expertise of all stakeholders (e.g., PR, legal, finance, etc.) to have successful engagement.
Do I have the right tools in place to ensure timely incident detection and response?
You no longer have the luxury of time. Where just a few years ago it used to take threat actors months to get into networks and systems, it now takes weeks. Validate that the proper security solutions are in place for immediate or near-immediate detection and response to an incident. These solutions may include continuous monitoring of security alerts, endpoint detection and response (EDR) platforms, next-generation anti-virus, and centralized log collection in a security information and event management (SIEM) platform.
Have I developed a formal incident response plan? Have I tested the efficacy of my current incident response plan and processes?
Develop an incident response plan tailored to your organization. Perform assessments to validate the efficacy of organizational incident response capabilities and have a plan to remediate identified gaps. And be sure you have the staffing in place to sufficiently respond to an incident. Do you need more subject matter experts on hand? Do you have consultants at the ready? Do you have the capability to act 24/7 to shorten the recovery window? Have you considered your business continuity plan?
Effective incident response takes a thoughtful approach. Let us help you get it right. Contact your account team or give us a call.
800.800.4239
As you continue your incident response journey, review our roadmap to understand what to expect before, during and after your technology investment.
MKT53529