The Incident Response Episode
Transcript
Introduction to the Guest and Topic:
Host Allie Krings introduces Cherry Kent, an experienced information security professional and former security officer in healthcare. The conversation focuses on incident response and how organizations can prepare for, identify, and manage security incidents. Cherry shares her background, explaining that her career began in programming before evolving into network management, disaster recovery, and ultimately information security, where she developed a strong passion for cybersecurity.
What Is Incident Response?:
Incident response is the process organizations follow when a security event impacts their systems. These incidents can include data breaches, system outages, theft, or malware attacks. Because incidents are inevitable, organizations must prepare by defining what qualifies as an incident and creating a structured plan for how to respond when one occurs.
What Does Incident Response Look Like Up Close?:
For Organizations: Incident response requires preparation through a formal plan that outlines team roles, communication processes, and response procedures. Organizations must be ready to act quickly and coordinate efforts when an incident occurs.
For Teams: Effective response involves collaboration across IT staff, leadership, and other departments. Teams must understand their responsibilities, know who to contact, and follow predefined playbooks to contain and resolve incidents efficiently.
What Are the Biggest Gaps in Compliance?:
A major gap is the lack of preparation. Many organizations either do not have an incident response plan or have one but do not actively maintain or practice it.
Another common issue is poor change management and lack of coordination. For example, making system updates without proper communication or leaving systems unpatched can create vulnerabilities that lead to major incidents.
How Should Organizations Assess Their Risk?:
Organizations must start by identifying all of their assets. As Cherry explains, you cannot protect what you don’t know you have. Once assets are identified, organizations should implement tools like antivirus software and patch management across all systems to reduce vulnerabilities.
What Are Common Types of Incidents?:
Malware and Viruses: These can spread quickly across systems, especially when protections like antivirus or patching are inconsistent. Poorly managed updates can worsen the impact of an attack.
Theft: Stolen or lost devices, especially unencrypted laptops, can lead to data exposure. Encryption serves as a critical safeguard to protect sensitive information.
Insider Threats: Terminated employees or individuals with lingering access can cause serious security risks if access is not revoked immediately.
How Should Companies Respond to an Incident?:
Establish Leadership: An incident commander should take charge, coordinate communication, and ensure efforts are organized rather than fragmented.
Contain the Threat: Teams should quickly isolate affected systems, such as removing a device from the network, to prevent further spread while preserving data for investigation.
Investigate and Document: Organizations should analyze logs and evidence to determine the root cause and understand the scope of the incident.
What Are the Best Practices for Preparation?:
Develop Playbooks: Create specific response procedures for common scenarios like ransomware or device theft.
Train Regularly: Hold frequent meetings and exercises to ensure teams understand their roles and can respond effectively under pressure.
Implement Strong Controls: Use antivirus software, keep systems patched, and encrypt devices to reduce risk and limit impact.
What Should Employees Do in an Incident?:
Act Immediately: Employees should report incidents right away to supervisors or security teams rather than trying to resolve them independently.
Follow Procedures: This may include contacting law enforcement in cases like theft and following company protocols for escalation.
Avoid Delays: Quick action is critical to minimizing damage and ensuring proper response measures are taken.
How Can Companies Ensure Compliance?:
Compliance requires having a documented and actively maintained incident response plan. Organizations should define roles, responsibilities, and communication procedures while ensuring all employees are trained on what to do during an incident.
Regular practice, continuous improvement, and clear policies help organizations respond effectively and reduce the impact of incidents. As Cherry emphasizes, the most important step is simply to start—build a plan, refine it over time, and ensure the organization is prepared.
Notes
The Incident Response Episode
In this episode, host Allie Krings sits down with Cherry Kent, who brings over 30 years of healthcare IT and security experience to a conversation all about incident response. Cherry shares some of the most memorable incidents from her career — including a virus outbreak that took nearly a year to fully resolve, a terminated employee who somehow found his way back to his old desk, and the time tracking software helped recover a laptop that should’ve been returned long before. Along the way, she breaks down what an incident response plan actually needs to include, why having an incident commander matters, and the simple advice she gives every company just getting started: don’t put it off. Tune in for real stories, practical takeaways, and a reminder that preparation always beats panic
At KirkpatrickPrice, we’re on a mission to help 10,000 organizations raise the bar for cybersecurity and compliance. Join Our Cybersecurity Mission. If you’re going to invest in an audit, it should deliver real value. That’s why we partner with you from audit readiness to final report, ensuring you get the assurance you deserve.
Ready to strengthen your security and compliance posture? Connect with an expert today and learn how we can help you meet your toughest goals.
Send a Question
Do you have a question for our podcast? Send it to us here.