Creating a Solid Incident Response Plan
- Preparation: Identify employees and outside vendors who will handle potential incidents and prepare them for their role in incident response. If a cyber attack were to occur, it is imperative that responsibilities are clearly defined.
- Detection: Have proper monitoring in place that provides constant and comprehensive coverage of your network. Differentiate between minor and major events and have appropriate escalation processes.
- Containment: Isolate the infected system and analyze the cause of the infection.
- Recovery: Eradicate the cause of the infection (block malicious IP addresses, change passwords, patch holes, fix vulnerabilities, etc.) and put the network back into production while complying with regulatory requirements. During this time, it is also important to take measures to protect the company’s brand and image.
- Post-incident Review: Discuss lessons learned with appropriate stakeholders and take action to fix identified gaps in security, ensuring similar incidents are avoided in the future.
Put Your IRP Into Practice
Source: The Hartford, “Five Steps to Creating a Cyber Security Incident Response Plan” https://www.thehartford.com website. Accessed December 28, 2020. https://www.thehartford.com/resources/cyber-incident-response-plan
© Copyright 2020. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented.