When you’re running a global company, it requires a daily comprehension of highly technical issues (presented by your CISO) coupled with rapid response. An Incident Response Plan not only provides you with more peace of mind, but it educates non-technical departments about what needs to be addressed in times of emergency.
“In a real crisis, which we’ve seen time and again, the TDI clients who maintain an updated Incident Response Plan will apply the least amount of man hours, capital and overall disruption to business operations,” said Phillip Parmer, MBA, PMP, CISSP, CISA, Senior Program Manager at TDI.
Here are a few items that should be included in your 2017 plan:
- Members of the Team
One of the most important parts of the plan is determining who is on the Incident Response Team. This should go beyond the IT department and incorporate all areas of the enterprise (HR, marketing, finance, etc) - Cross-Communication
An important component in your incident response plan is securing phone numbers and full contact information in all departments to keep everyone on the same page - Responsibility Map
Who’s doing what? This goes beyond the IT department. Do you really want the head of each department demanding to know how the breach will be fixed and who’s doing it? - Organization
Where is your information stored? Who has access? You’ll need details as well as soft and hard copy organization - Testing
Who will test your plan and how? This should be decided, deployed and updated regularly.
For more tips on updating your 2017 Incident Response Plan, contact TDI for a more comprehensive publication on planning your response in an emergency.