Ten Steps to Planning an Effective Cyber-Incident Response.
Tucker Baily and Josh Brandley, both with McKinsey, published an article on the HBR blog network identifying the 10 steps towards an effective incident response plan. Their article highlights some of the experiences that led to their conclusion. It’s worth a quick read.
Here I paraphrase their list to emphasize the key points and I relate these points to our response management framework.
- Assign a lead executive responsible for the plan and its implementation.
This executive is a key member of our core response team.
- Develop a taxonomy of risks, threats, and potential failures
or as we like to say “align incident response to risk assessment”.
- Develop quick response guides for likely scenarios.
This is our incident-action matrix - each row represents actions for a specific incident type.
- Focus on major decisions, for example, when to isolate a system or part of a network; establish the procedures for these major decisions. This is a continuation of the incident-action matrix.
- Maintain relationships with external stakeholders, for example, law enforcement.
External stakeholders are part of the extended response team.
- Develop relationships with external experts and service providers; include service level agreements.
These are additional members of your extended response team.
- The response plan needs to be refreshed and available.
- Ensure response team members know their role (see 10).
- Identify key response team members; insure redundancy.
- Train, practice and simulate incident response activities.
This is a good list of 10 key success factors for an effective incident response program. It serves as a good checklist against our Response Management Framework. Let us help you with a response plan review that considers your information security risk assessment.
Bailey, Tucker and Brandley, Josh, “Ten Steps to Planning an Effective Cyber-Incident Response”, Harvard Business Review Blog Network, July 1, 2013. Retrieved 03/07/2014 from: http://blogs.hbr.org/2013/07/ten-steps-to-planning-an-effect/.