What's Essential in an Incident Response Plan? Security Leaders Weigh In
A new report examines the must-have components of a security incident readiness and response playbook.
Security leaders understand the need to build defenses and develop policies to reduce the risk and potential impact of a cyberattack, but many fail to test those defenses.
A benchmark report from the Information Security Forum finds that 74% of respondents do not subject critical systems to attack simulations. That gap can severely hinder incident response (IR), because those businesses have not prepared for how to react to a security incident. By simulating specific attack scenarios, organizations can gain insight into how effective their response would be.
Building a comprehensive incident response plan or playbook should start with a vision for the IR practice, according to Eric Ahlm, Senior Research Director at Gartner.
The document should contain the following components:
IR mission statement: This rationalizes the need for an IR plan
Roles and responsibilities: This explicitly names who is involved in the IR plan and their reason for being there
Scope of incident declaration: This states which types of situations are within the scope of declaring an incident, and which are not
A new Dark Reading report, "Incident Readiness and Building Response Playbook", offers insights and tips for building and testing an incident response plan.
The full report can be accessed here.