Is Your Incident Readiness Plan Ready?

Don’t wait for a security incident to discover your true level of preparation—know that you definitely will face one, so it’s critical to always have a current and comprehensive Incident Readiness (IR) plan in place.

hands hold an iPad with an incident readiness checklist in a server room

As we have said before, if you have computers you’re going to have a security incident. So it’s critical to have a current and comprehensive Incident Readiness plan in place. We can help you, but it’s important to know that incident response readiness isn’t something you can buy.

It’s something you need to build.

“Alas!” your CFO might shout, “What you’re talking about doing to prepare for an incident is disruptive and expensive!”

That’s true.

But incident readiness isn’t preparing you for the next incident. Incident readiness prepares your organization for every incident you will ever have.

Once you get this down, the way your organization handles all incidents will be more efficient and effective. It will be cheaper and less disruptive in all ways-whether you’re looking at pure costs, regulatory sanctions, fines and fees, litigation, or brand damage.

Best of all, these benefits are iterative: the more incidents you handle, the better you get at handling all incidents.

Incidents Are Disruptive

An information security incident (such as a hack, a data breach, or ransomware) affects your entire organization – from customer support to employee morale, from public reputation and shareholder confidence to regulatory compliance.

Well Handled Incidents are Less Disruptive, Less Expensive

The most effective responses we’ve seen are not just “all-hands-on-deck,” for technical teams; they’re collective, cross-functional problem-solving.

Poorly Handled Incidents are More Disruptive, More Expensive

The worst security incidents – those resulting in the greatest financial and brand damage, the longest and most expensive recovery time, the most costly and distracting lawsuits and regulatory actions, the most embarrassing public relations fiascos – happen when they occur at companies that haven’t created a comprehensive incident response plan.

Ask Questions

There are questions to be asked. The answers drive policy, procedure, and runbook creation, and the strategy that guides how your organization will respond when the time comes.

Some of the most basic questions to ask now:

  • Has your legal team trained for an information security incident, and do they know how to review proposals, plans, communications, and legal actions related to it?

  • Have you identified a Core Incident Response Team comprising key decision makers and tactical leaders from engineering, information technology, information security, legal, communications, change management, and executive leadership?

  • Have you got an incident response firm on retainer? How often do you speak with them?

  • Have you developed a security communications strategy, and does it reflect more than just what not to say, but also how you will craft security comms for internal, customer-facing, and public statements to reflect the truth as well as be consistent with core company values?

  • Have you got policies, procedures, and runbooks in place that consider not just the incident but post-incident actions (beyond root cause analysis)?

  • Have you tested these? When?

Evertas Professional Services pros have responded to hundreds, if not thousands of information security incidents over the past 20 years, and can help your company prepare. But again, they can’t do it for you.

A roadmap clearly outlining the path toward optimal readiness puts you confidently in control when incidents inevitably occur.

What you’ll need is:

  • Assessment of current policies and resources earmarked for security incidents.

  • Evaluation of out-of-band communications and networking strategies and resources.

  • Evaluation of internal and external security communications plans and procedures, roles and responsibilities, and incident command structure.

  • A complete review of security settings on key systems relevant to performance during an incident.

  • At least one tabletop exercise and post-TTX action report.

You should be conducting these activities on a quarterly basis.

Contact our team today to get your readiness assessment started!