Reviewing incident response plans for data risk preparedness

Don’t let holes in your incident response plan review open gaping vulnerabilities in how you act on security events.

reviewing plans
Daniel X. O'Neil (CC BY 2.0)

Incident response plan reviews are growing in importance with the rapidly increasing numbers and types of information security incidents that companies must face. The enterprise must approach these reviews with a view toward effective event response.

Yet more than one-quarter of incident-response (IR) professionals (26 percent) are dissatisfied with their current organization’s IR capabilities, calling them ineffective, according to a SANS Institute survey on the state of IR. After initial plan creation, the review is the opportunity to correct that ineffectiveness.

Where to look for new information risks

The point of reviewing an incident response (IR) plan is to ensure that it still addresses the real risks that an enterprise faces. To update an IR plan to include new risks, an organization must have ample resources that provide an awareness of at least the moderate to high risks. These are the risks that are most likely to result in damage.

Some of the best resources are records of recent events involving data breaches, and, according to M. Scott Koller, counsel at BakerHostetler, the use of tabletop exercises. Tabletop exercises can show an enterprise how it is not prepared.

[ ALSO ON CSO: Why you need more than daily practice to be good at incident response ]

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon