A comprehensive incident response plan has multiple dimensions. To avoid missing key elements and costly mistakes, consider response planning from four different angles.
Events ranging from malware outbreaks to computer equipment loss or theft are addressed in the response plan; define the scope of incident categories to be handled by the response program. Avoid surprises.
Departments supporting the core team of responders should be identified and included in the program development as appropriate. Team members need to be aware of their role and responsibilities in advance.
Computer security incidents need to be prioritized in a consistent manner. Considering the factors that impact the organization; the higher the impact the higher the priority. Align resources with value.
Response actions should be identified in advance along with the responsible individual or department. Playbooks should be developed to prescribe the sequence of response actions based on the incident type and its potential severity.
Threats, and their potential ramifications, vary greatly, ranging from an easily handled, spyware infected system to a complex and costly (both in dollars and reputation) massive data breach. It is impossible for the incident response team to develop its plan during the crisis. To save valuable time and to avoid costly mistakes the response plan must be created, tested and understood prior to the occurrence of a problem.