As part of my cyber security process here at Octagon, I regularly review the policies and procedures related to my responsibilities. One of those jobs is keeping the Incident Response Plan up to date.
Here is one result from our incident response plan review:
Incident Response Plan – “WHAT IF”
Incident Response
An incident response plan needs to be able to support and inform your team and stakeholders if an incident should occur.
Although everyone thinks of a cyber security incident, the incident response plan should also address other incidents that would have a significant impact on your organisation’s ability to deliver its services.
What happens if we lose the internet at the office?
What happens if there is a red weather warning?
It does not have to be complicated, but it should at least include the following points:
- Designate people to roles
- Instruct other staff as to their actions and responses
- Record actions and responses at the time
- Record and preserve evidence – written, photos, videos, audio recordings, etc.
- Use approved template responses for media, stakeholders, etc.
- Include important contact information – both for internal and external use (two lists)
- Action communications procedure in the event of compromise
- Spare equipment
- Alternate location
This is not a complete list, but it gives an idea of what an incident response plan should look like.
One more thing to add.
There needs to be a method of reporting changes in your organisation’s operations so the Incident Response Plan can be updated to reflect those changes.
Training, Role Playing, and Incident Response
I have found that every incident response plan needs some on-site training and testing so people know what to do when under pressure in a real incident. Role-playing an incident is an effective way to deliver this training, and it is fun, which always helps.
Don’t tell the Octagon Team…
At this point I will let you all into a secret – one of our staff meetings in the coming weeks will be changed – without notice – to Incident Response Role Playing training. If anyone on our team reads this article they will be forewarned, but if they do not…
Next
Jump over to Smart Thinking where I have a companion article to this that looks at what happens after the incident.
Get Organised – Business Continuity and Recovery
Clive Catton MSc (Cyber Security) – by-line and other articles
Photo by cottonbro studio