BY DENNY FISHER, Chief strategist, ACS
Chance are you have a plan in case of a fire at your house. You take shelter when a tornado strikes. Your data requires the same kind of plan.
An incident response plan assists in managing your business or your personal data in case of a cyber threat, power outages or physical disaster that destroys or disables the systems supporting that information.
“You’re formulating a course of action for how you’ll respond to things that may or may not happen,” says Ryan Weston, manager of security and connectivity for ACS.
The incident response plan should be part of your company’s overall Business Continuity or Disaster Recovery Plan. Due to the number of connected devices and amount of data generated by the Internet of Things (IoT), there is a greater likelihood of some type of incident occurring. It’s important to consider how the IoT interacts and affects your business when developing an Incident Response Plan.
There are several steps you need to take to ensure your plan has the support it needs from stakeholders and can easily be implemented in times of disaster.
- Gain buy-in from the top: The company’s chief executives and board of directors need to be in agreement with your plan. It’s likely you’ll hire outside resources such as vendors or legal counsel to assist in an emergency. Those who write the checks will need to know this beforehand. You’ll also want their support when it comes time to gain consensus from other departments and employees.
- Identify key personnel or partners: Make a list of those individuals or positions that will be key to implementing your plan. This includes legal counsel, finance officers and representatives from your human resources, public relations/marketing, information technology, operations and customer services departments.
- Create a plan: The plan will include specific details such as what constitutes an incident. A good way to gauge if something is an incident is to consider how business would be interrupted or disrupted and set thresholds.
“Each company has to define what an incident is to them,” Weston says. “Some may consider logging into a firewall an incident. Others not until something has been stolen or a system breached.”
Some situations may not be severe enough to implement the incident response plan and can be handled by another policy or procedure.
The plan also defines the high-level people or positions who will be involved. It also includes assigning jobs and responsibilities to those who will respond when an incident occurs. This will help you determine where there is a gap in skills and when and in what areas outside assistance will be required.
Your plan will need to include information about how the team will communicate with one another and the tools they’ll need.
- Document and communicate: You’ll need to keep copies of your plan both on- and off-site, including an electronic copy that is readily accessible and physical copies that are stored in several locations. Electronic and paper copies should be given to stakeholders, those who will respond and take action, and any outside vendors or experts who will be retained if the plan is executed.
- Test, adjust and retest: Role play with those involved and create potential incidences in which they would be required to implement the plan. Evaluate how well the plan was executed and resolved the issues. Make adjustments as needed and then retest the plan. Weston recommends testing a couple of scenarios from a small-scale issue to a large disaster.
- Review: Assess your plan at least once a year, if not quarterly, depending upon your industry. Add new processes and critical operations as your business evolves, as employees leave and as positions change.
If you’re unsure whether your plan meets these requirements, or if the thought of all of this makes your head spin, a third-party technology services provider can help review your plan or help you create a custom plan that will ensure it follows industry standards and best practices.
Home offices, remote employees and mobile executives can compromise your business from the inside out. Next month, we’ll talk about how to educate your workforce about IoT dangers and how to mitigate the risk they bring to your environment.
|Denny Fisher, Chief Strategist