Incident Response Plan
by Brent Kirkpatrick
(Date Published: 1/18/2018.)
Keep the contact information of several external cybersecurity investigators on hand. When you need someone, you will need them fast. Talent in cybersecurity is scarce and competition for the time of investigators is fierce. In addition to traditional social networking, consider IT staffing firms and LinkedIn ProFinder to locate consultants.
Know which of your people you need to bring into incident response and when during the response they should be notified. For example, right after a breach is discovered, you will likely be involving your general counsel, retaining an outside attorney, and involving your CIO, your CISO, and your CFO/COO. Additionally, you will be retaining an external investigator. These people often operate under non-disclosure agreements and/or under attorney-client privilege.
Consider getting cyberinsurance. Although cyberinsurance may not cover all the costs associated with a breach, it will provide some guidance on handling incidents. Cyberinsurance may well assist with some of the costs.
Know what laws and standards you are responsible for complying with during the response. For example, SOX, PCI, and CIP may require audits and may stipulate some of the actions taken during a breach response. If you have a credit card breach, the PCI-DSS standard requires you to hire a PCI investigator.
If the breach results in harm or fraud, there will be legal action. Prepare your legal team for strategic decision making. Involve the legal team in remediation.
Preparing an incident response plan in advance of a breach will help ensure that you involve key people at key points in the response. A plan will have you responding more quickly and more efficiently to a breach.