Incident Response Planning: 6 Steps to Prepare your Organization

by Sarah Harvey / June 27th, 2017

In this webinar hosted by LockPath, Jeff Wilder discusses the importance of incident response and the steps your organization can take to create an Incident Response Plan. Wondering what incident response is? Incident response is a predetermined approach for identifying and addressing a security incident, which dictates the procedures following detection to minimize the impact. Incident response planning is vital to your organization. Incidents not handled properly have the potential to be catastrophic in damage and Incident Response Plans prevent business interruption, revenue loss, and loss of customer trust.

There are several aspects you need to consider when developing your Incident Response Plan. Policies and procedures are the starting point; these documents should dictate immediate steps following detection of an incident. Your organization also needs to put together an Incident Response Team, but your plan should be known and tested by all management and personnel. Incident Response Plans involve your organization’s legal team, human resources department, public relations team, customer service representatives, security team, IT department, and executive staff. Each of these team members have a role in responding to an incident.

The Six Steps of an Incident Response Plan:

  1. Preparation – How are we currently preparing for a security incident? What are we doing to prevent an incident? How are we limiting the impact of an incident? Have we tested our policies and procedures?
  2. Detection & Identification – How would we identify an incident? How do we report an incident? How do we detect malicious activity? Do we have a specific Incident Response Team?
  3. Containment – Has the appropriate personnel been notified? What evidence should be collected? Have we fully assessed the scope of the damage? How can we prevent further damage?
  4. Remediation – Do we have backups in place? Has a complete a forensic analysis to determine origin been performed? Have we cleaned the system? Can we make changes to prevent a repeat incident? How can we test the changes?
  5. Recovery – Have we securely restore the system? Do we have continuous monitoring to ensure problem is resolved? Have we replaced any lost files with backups?
  6. Lessons Learned – What happened? What gaps can we now identify? Have we regained our customers’ confidence? Have we reviewed policies and procedures to prevent future attacks?

About LockPath

LockPath is a leader in integrated risk management solutions. Their suite of applications empower companies to manage risk, demonstrate compliance, monitor information security, and achieve audit-ready status. Companies ranging from 10-person offices to Fortune 10 enterprises in over 15 industries address the Gartner IRM use cases with LockPath solutions. In 2017, they are expanding their application portfolio to provide more efficient and effective programs. Learn more at lockpath.com.