Creating Your Incident Response Plan 

In a previous article we wrote about the activities and information required to create an effective incident response plan. In this article we will talk about the phases of an incident response plan in order to create a well-structured program. 

As a review, the incident response plan should define the goals, the various individuals involved, the roles and responsibilities, the communications methods, and the escalation processes throughout the phases of the plan.  

As we mentioned in the previous article, an incident can be anything from a breach to a systems failure, but our focus for this blog will be cyber incidents. To that end, we will first define the types of cyber incidents that an organization can experience before we discuss the phases of an incident response plan. 

Types of Cyber Incidents 

  • Exploitation – this type of incident takes advantage of unpatched hardware and software or vulnerabilities in systems to take control of the IT environment. 
  • Ransomware – most of us have heard of ransomware attacks. This type of attack uses malware that locks systems and files until a ransom is paid. However, paying the ransom does not guarantee that the data will be unlocked and accessible. 
  • Data Theft – this type of incident involves cybercriminals stealing information that is stored on an organization’s systems. The cybercriminals usually gain access to the systems and the information within them through stolen user credentials. Often, the cybercriminals quietly watch the traffic on the systems for periods of time to identify the most valuable information that they can steal to inflict the most damage.    

Phases of an Incident Response Plan 

Preparation 

  • Outline the goals of the incident response strategy including the policies and procedures. The improvement of the organization’s security, visibility of an incident and the recovery from an incident need to be clearly defined.  
  • Implement a reliable backup plan to help restore your data. 
  • Have a comprehensive strategy for patching and updating your hardware, operating systems, and applications. 
  • Test the plan to ensure it meets expectations and make improvements based on the results as required.  

Observation 

  • Monitor networks, systems, and devices for potential threats. 
  • Document events and potential incidents. 
  • Analyze the occurrences to determine whether the incident response plan needs to be activated. 

Resolution 

  • Understand intrusions to contain and apply the appropriate measures for effective mitigation. This may involve isolating systems or suspending access to systems and other measures. 
  • Eliminate the intrusion by restoring from reliable backups.  
  • Ensure devices and systems are clean by running anti-malware and antivirus software 
  • Preserve evidence and documentation to assist with the analysis of the incident. 

Insight 

  • Identify the root cause and determine what can be improved to avoid the incident in the future. 
  • Evaluate the incident response procedures and processes to highlight what went well and what needs to be improved. 
  • Document the lessons learned and what needs to be adjusted for future incidents. 
  • Meticulously document the steps that were taken to uncover and resolve the incident that can be reused to resolve future incidents quickly and effectively.  

One last piece of advice that we can offer when it comes to an incident response plan is having a printed copy on hand. When an incident occurs and the systems are unavailable, having an electronic copy will not be very helpful if the team cannot access it.  

These topics are an overview of the phases of an incident response plan. In creating your plan an organization needs to determine which of the areas where they will require external expertise. It may be none, all, or some of the areas. However, in our experience, getting assistance from experts, whether legal, insurance, communications, incident response specialists or IT service providers is useful as you create your incident response plan. 

Call MicroAge today to see how we can help you. 

Obtenez plus de vos outils informatiques

Plus de 300 entreprises de toutes tailles nous font confiance pour le déploiement et la gestion de solutions TI et de produits informatiques. Permettez-nous de vous aider dans l'atteinte de vos objectifs d'affaires.

Articles les plus commentés

top 5 office 365 tools

Les 5 meilleurs outils de collaboration Office 365 dont vous avez besoin dans votre espace de travail

Office 365 est la suite de logiciels ultime de Microsoft et comprend certains des programmes les plus polyvalents et révolutionnaires proposés aux propriétaires d’entreprise. Cependant,…

Read More
dark web

Le Dark Web: qu’est-ce que c’est et pourquoi vous devriez en être conscient

Internet est un espace composé de bons et de mauvais. L’Internet est paradoxalement composé de trois couches, en particulier le Web profond, le Web de…

Read More
Air-fi

AIR-FI: Ce que vous devez savoir sur la nouvelle méthode de piratage WiFi

La vie est devenue beaucoup plus facile depuis l’aube du WiFi. Depuis que nous avons dit adieu aux connexions câblées physiques, la commodité et la…

Read More
Cloud outage

Comment se préparer aux perturbations causées par les pannes de service cloud

Vous n’avez pas besoin de chercher très loin pour trouver des exemples de pannes de service cloud. En juin de l’année dernière, une énorme panne…

Read More

Quelles sont les conséquences d’une pénurie de TI?

Les effets de la pénurie de main-d’œuvre s’intensifient dans pratiquement tous les secteurs d’activité, et le département informatique n’y échappe malheureusement pas. Cette réalité est…

Read More