Five tips for building an incident response plan
You haven't had a meltdown yet? Now's an excellent time to plan for one
Computerworld - Like all CIOs, Darryl Lemecha worries about viruses and hackers, data center problems and technology meltdowns. But what separates his worried mind from many others is a detailed incident response plan that will guide him, his IT staff and his company through whatever problems may arise.
"The more you get that down on paper, the better you’re going to be in a real crisis," says Lemecha, CIO and senior vice president of shared services for ChoicePoint Inc., a data aggregator based in Atlanta.
An incident response plan takes its place beside business continuity and disaster-recovery plans as a key corporate document that helps guarantee companies will survive whatever glitch, emergency or calamity comes their way.
"A lot of companies have that mentality -- 'We have some really good people in our organization, things are running well, the chances of something happening are small, and if something does happen, we’ll be able to deal with it.' But in the event of a real crisis, people won’t know what to do," says George McBride, director of IT risk consulting with Aon Consulting Worldwide in Chicago.
The typical response to trouble -- the deer-caught-in-the-headlights look -- is exactly why companies need such a plan, McBride says. And while a business continuity plan aims to preserve operations in the face of adversity and a disaster recovery plan details what to do in case of a disaster, McBride says an incident response plan is broader, laying out how to respond to scenarios as diverse as data security breaches and network crashes.
Given their breadth and specificity, these documents are usually lengthy and in need of regular upkeep. They will vary from company to company and even among departments within the same corporation, but here are five points that all IT-specific plans should contain. Elsewhere on Computerworld.com, Anton Chuvakin takes a look at incident response in the age of regulatory compliance, a perspective that many IT managers need to think about.
1. A sense of what can happen
You can’t possibly anticipate what will happen in a crisis or during the aftermath -- that’s the nature of the beast. But that doesn’t mean you can’t plan for one, says Ian I. Mitroff, a senior investigator at the Center for Catastrophic Risk Management at University of California, Berkeley, as well as a professor emeritus at the Marshall School of Business and the Annenberg School for Communication at the University of Southern California, an adjunct professor in the School of Public Health at St. Louis University, a professor at Alliant International University in San Francisco, and the author of Crisis Leadership: Planning for the Unthinkable (John Wiley & Sons, 2003).
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts