Forrester Senior Analyst Rick Holland identifies the keys to an effective incident response program.
This article, available through TechTarget, is a good tool for communicating with your executive team.
The article references an interesting point. According to the Forrester Forrsights Security Survey, after a breach has occurred, 25% of organizations increase spending on breach prevention technologies, while 23% increase spending on the incident response program itself.
Know your capabilities and constraints. Avoid overestimating your abilities. An outside perspective may provide clarity.
Technology spending outweighs investments in incident response programs, but technology does not equal a solution.
Time-to-detect, time-to-contain, and time-to-remediate are good results-oriented metrics. Think of others as well. Consider how each metric trends over time and what that trend implies.
Larger organizations have larger challenges addressing incident response. Consider a contingency team as well as internal and external specialists.
Incident response teams should not work in isolation. Involve your vendors and suppliers.
Align security programs, including incident response, with the business value chain. Connecting the response plan to an enterprise risk assessment is key.
To avoid micro-management, establish rules of engagement that identify the need for approval balanced against the need to act.
This article provides a good set of principles to apply as you build or enhance your incident response program.
Let us help you with a response plan review that applies and expands on the ideas presented by Forrester.