Skip the navigation

Five tips for building an incident response plan

You haven't had a meltdown yet? Now's an excellent time to plan for one

By Mary K. Pratt
May 16, 2007 12:00 PM ET

Computerworld - Like all CIOs, Darryl Lemecha worries about viruses and hackers, data center problems and technology meltdowns. But what separates his worried mind from many others is a detailed incident response plan that will guide him, his IT staff and his company through whatever problems may arise.

"The more you get that down on paper, the better you’re going to be in a real crisis," says Lemecha, CIO and senior vice president of shared services for ChoicePoint Inc., a data aggregator based in Atlanta.      

An incident response plan takes its place beside business continuity and disaster-recovery plans as a key corporate document that helps guarantee companies will survive whatever glitch, emergency or calamity comes their way.

"A lot of companies have that mentality -- 'We have some really good people in our organization, things are running well, the chances of something happening are small, and if something does happen, we’ll be able to deal with it.' But in the event of a real crisis, people won’t know what to do," says George McBride, director of IT risk consulting with Aon Consulting Worldwide in Chicago.   

The typical response to trouble -- the deer-caught-in-the-headlights look -- is exactly why companies need such a plan, McBride says. And while a business continuity plan aims to preserve operations in the face of adversity and a disaster recovery plan details what to do in case of a disaster, McBride says an incident response plan is broader, laying out how to respond to scenarios as diverse as data security breaches and network crashes.   

Given their breadth and specificity, these documents are usually lengthy and in need of regular upkeep. They will vary from company to company and even among departments within the same corporation, but here are five points that all IT-specific plans should contain. Elsewhere on, Anton Chuvakin takes a look  at incident response in the age of regulatory compliance, a perspective that many IT managers need to think about.

1. A sense of what can happen

You can’t possibly anticipate what will happen in a crisis or during the aftermath -- that’s the nature of the beast. But that doesn’t mean you can’t plan for one, says Ian I. Mitroff, a senior investigator at the Center for Catastrophic Risk Management at University of California, Berkeley, as well as a professor emeritus at the Marshall School of Business and the Annenberg School for Communication at the University of Southern California, an adjunct professor in the School of Public Health at St. Louis University, a professor at Alliant International University in San Francisco, and the author of Crisis Leadership: Planning for the Unthinkable (John Wiley & Sons, 2003).

Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!