13 December 2016

Validating your incident response plan

In today’s digital climate, incidents impacting your business systems and sensitive data are considered almost inevitable. That’s why having a timely, efficient and effective response plan is vital.

There is a plethora of material online covering the different incident response procedures, but there are 7 common gaps and mistakes our consultants often see that can have a significant impact.

  1. Applying a ‘one size fits all’ communications plan
    Unfortunately, listing your stakeholders is not enough; you need to add structure to your response in advance to help you consider how the needs of each stakeholder group – and the balance between them – change as an incident evolves.
  2. Leaping to a diagnosis too soon.
    Doing so makes it difficult to communicate in a clear, organised way and to assign the individuals with the most appropriate skills. Looking at any similar previous incidents can help inform your decision-making processes.
  3. Failing to use change management principles during an incident.
    Viewing incident management in isolation is a mistake; there may be wider implications. It is important to obtain buy-in and understand the risks and implications from key stakeholders.
  4. Taking action without a documented playbook.
    Writing down your remediation plans, step by step, takes the pressure off during an incident. What is commonly termed “a playbook” has real value in helping to limit damage following an incident.
  5. Lowering your guard during the recovery phase.
    Throughout your recovery you must maintain a heightened state of readiness. Especially if the attacker has experienced some success, they may feel tempted to return for another try – or they may have left behind another exploit for future use.
  6. Neglecting post-incident reviews.
    Without a clear understanding of what happened, why it happened, its impact and the consequences, organisations cannot properly assess or manage the risk of a similar incident arising.
  7. Not exercising and validating your plan.
    Exercising your plan provides opportunities to identify areas for further improvement. Organisations need to be able to simulate a potential security incident so that response teams are better prepared for reality.

Thankfully, many of these issues can be mitigated with an effective incident response plan.

Our free Incident Management guide outlines exactly how to validate your plans and address the above 7 common mistakes.
