Incident Response Plans and Risk - Part 2 of 3
BankIT Blog - Security Breaches
Friday, 13 August 2010 00:00


In a previous post, I discussed some of the risks of data breaches and identified an important control to mitigate those risks - a good Incident Response Plan.  In this post, I'll present some of the components that go into an effective plan and attributes of its implementation.

A good Incident Response Plan includes:

1) An overview, backed by Security Policy, of the plan's goals (e.g. risk mitigation)

2) Procedures, at least at a high level, for management response (e.g. Internal Notification, Initial Analysis, Respond, Document, External Notification, Damage Assessment, Policy Revisions) and technical response (e.g. Detect, Internal Notification, Contain, Analysis and Forensics, Eradicate, Restore, Document)

3) Specific roles and responsibilities defining who does what, who reports to whom, etc.

4) Clear activation and notification requirements, with definitions of terms if you need them

5) Current list of incident response contacts (e.g. regulators, card brands, state attorney general, law enforcement)

6) Specific references to, and procedures for, applicable regulations (compliance documentation) such as GLBA, FFIEC, PCI DSS, and state data breach notification laws

7) Consideration of cyber-insurance coverage, if any, and how to make a claim

 

To implement the plan effectively, your policies should address:

1) Incorporating the plan into your Risk Assessment (since it does indeed mitigate those risks we discussed last time)

2) Incorporating it into your security awareness program, with additional IR team training as needed

3) Using a standard report to consistently record and log IR actions, from discovery to final reporting

4) Holding the IR team and external providers accountable for following the plan

5) Auditing the plan at least annually

 

Incident Response in practice is woven into many areas of an Information Security Program, including risk assessment, policy, documentation, vendor management and compliance management.  My next post will address some of the items that are most commonly left out of IR plans but are nonetheless critical to have on hand.

 

 
