We’ve talked about the importance of having a security incident (aka data breach) response plan in place, but according to the recent data breach preparedness study conducted by the Ponemon Institute (available via the Experian website), not many organizations feel like they could execute theirs effectively and “lack confidence” in it.
Our recommendation for building confidence in your security incident response plan? Test and test again. Kudos for having that all-important IRP in place, now let’s look at how well it works.
This year, six months from now, next year. Test, reassess, adjust, test again.
When an incident does occur – because even the best preparedness doesn’t keep you 100% safe – you’ll be actually executing the IRP. Different data breaches call for different assessments and responses. That means you need to know not only what kind of incident you’re dealing with, but also what the appropriate incident response is.
A security incident is not necessarily equivalent to a data breach.
That’s why your IRP should delineate exactly what to do to assess and mitigate the risk that allowed the incident, and whether or not an incident report is required. Your security incident response plan should be an executable process, not just a checklist. When there’s a clear process to follow, you can be more confident that your Security Incident Response team knows what action to take regardless of the situation. Then after each incidence, examine how you and your team did, and adjust your IRP accordingly.
It may help to think of your security incident response plan as part of your ability to continue business operations. Depending on the nature of the breach, you may need to halt some business operations while it’s addressed. It’s best to be prepared for that unforeseen event with an executable, tested process.
Should the Big Security Incident occur, like the very recent use of the Internet of Things (IoT) to use a distributed denial of service (DDOS) attack to shut down some very large organizations, it’s important that you’re prepared and able to activate your disaster recovery plan and business continuity plan to quickly move beyond shut down.
Apgar & Associates will help you develop, implement and test your security incident response plan. Give us a call to get started! 877-376-1981.