About Incident response plan? The Incident response plan is defined as the cluster of information which is used at the time of the incident. The incidents can be of any type like cyber-attacks, breaching into firewalls, planting virus. Most of the organizations have an incident response plan to avoid data loss.
Do we really need incident response plan? Yes, the incident response plan plays an important role in organizations structure. As the incidents are unexpected and to tackle them, the organization must have a strong incident response plan. Without the incident response plan, the organizations can become an easy target to the cyber-attacks or breach into firewalls by which the valuable information of the organization is compromised.
How many types of incidents are there? The types of incidents are classified into two different categories they are natural incidents and organizational incidents. The natural incidents include hurricanes, earthquakes, floods, fire, and tsunamis. Whereas the organizational incidents include failure of a software part, virus plantation, theft, cyberterrorist attacks and firewall breaches. With all these incidents keeping the organizations members prepare a strong effective incident response plan to make sure the organization is safe and secure.
The Goal of Incident response plan? As the incident response plan is to avoid the incidents striking the organization in an effective way. The incident response plan reduces the incident from occurring it again and reduces the risk to organizations investors and staff members. It is prepared in such a way that an organization can handle the damage from the incident and resurgence to its normal position in no time. The incident response plan limits the damage occurred from the incident and reduces the time of getting back on its feet and falls into organizations budget.
Progression of an incident response plan
Groundwork. To tackle the incidents striking the organization, the staff members and security team should take watchful procedures like endpoint protection is installed on all workstations, strong and encrypted firewall, accessing the internet only through the organizations virtual private network(VPN).
Spotting threats. In this phase, the security team must find the pieces of data that show possibly suspicious activity on the entire system or network. There are incident causes that show the actual existence of the threats in the network and the security team must be conscious of it.
Suppressing the threats. In this phase, the security team finds the threat infected networks and compromises it before the further damage to the organizations network. The security team must update the configurations of the network security guidelines at once after the attack as this prevents the threat spreading to the valuable information.
Annihilation of threats. The threats which are compromised are the removed from the network in this phase. All the infected networks or systems are replaced depending upon the damage occurred by the incident. After getting rid of the threats, the systems are rolled back to the normal position with the updated security guidelines and further investigation is processed for any left-out traces of the viruses.
Incident regaining. After the incident strikes the organization and the security team manages it and all the things are back to normal operation. The security team will often update the security guidelines of the network to avoid next incident striking back and make sure the threat or virus is completely removed from the network. The incident log files and damage report are maintained by the security team for future avoidance of threats to the organization.
Scope of the incident response planning committee
The incident response planning committee is arranged in such a way that it consists of important and typical stakeholders of the organization. Stakeholders are the chief decision makers during the planning process. They play an important role in forming the incident response planning committee. Stakeholders are chosen based on standing for the entire group including their individual concerns and can act as a decision maker.
General manager. The general manager handles profit and loss of the organizations. The duties of general manager include operative planning, verdict making and directing.
Data holders. Data holders handle valued data and are the vital ones in discovering and reporting the breach and serve as a middleman between the company and breach.
People operations. People operations work with the organization area to avoid further exposure to private information breaches and to identify the extent of the breach.
Site manager. Site managers duty is to secure the area of the breached isolated information of the organization and give reorganized information to the security team.
Online System support. The staff of online system support will notify the security team about that incident response plan has been implemented and will look for the suspicious activity on the systems.
Security team. Investigates the breach and decides whether to implement the incident response plan or not. The team handles all the documentation consisting the cause of the breach and notify the higher management of the organization.