Five tips for building an incident response plan
You haven't had a meltdown yet? Now's an excellent time to plan for one
Computerworld - Like all CIOs, Darryl Lemecha worries about viruses and hackers, data center problems and technology meltdowns. But what separates his worried mind from many others is a detailed incident response plan that will guide him, his IT staff and his company through whatever problems may arise.
"The more you get that down on paper, the better you’re going to be in a real crisis," says Lemecha, CIO and senior vice president of shared services for ChoicePoint Inc., a data aggregator based in Atlanta.
An incident response plan takes its place beside business continuity and disaster-recovery plans as a key corporate document that helps guarantee companies will survive whatever glitch, emergency or calamity comes their way.
"A lot of companies have that mentality -- 'We have some really good people in our organization, things are running well, the chances of something happening are small, and if something does happen, we’ll be able to deal with it.' But in the event of a real crisis, people won’t know what to do," says George McBride, director of IT risk consulting with Aon Consulting Worldwide in Chicago.
The typical response to trouble -- the deer-caught-in-the-headlights look -- is exactly why companies need such a plan, McBride says. And while a business continuity plan aims to preserve operations in the face of adversity and a disaster recovery plan details what to do in case of a disaster, McBride says an incident response plan is broader, laying out how to respond to scenarios as diverse as data security breaches and network crashes.
Given their breadth and specificity, these documents are usually lengthy and in need of regular upkeep. They will vary from company to company and even among departments within the same corporation, but here are five points that all IT-specific plans should contain. Elsewhere on Computerworld.com, Anton Chuvakin takes a look at incident response in the age of regulatory compliance, a perspective that many IT managers need to think about.
1. A sense of what can happen
You can’t possibly anticipate what will happen in a crisis or during the aftermath -- that’s the nature of the beast. But that doesn’t mean you can’t plan for one, says Ian I. Mitroff, a senior investigator at the Center for Catastrophic Risk Management at University of California, Berkeley, as well as a professor emeritus at the Marshall School of Business and the Annenberg School for Communication at the University of Southern California, an adjunct professor in the School of Public Health at St. Louis University, a professor at Alliant International University in San Francisco, and the author of Crisis Leadership: Planning for the Unthinkable (John Wiley & Sons, 2003).
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts