• Case Lookup
  • Emerge Login
Locate Us
Join Us
Français
Compugen logo Home
  • Business Solutions ^
    • Business Solutions
    • Datacentre & Cloud ^
      • Datacentre & Cloud
      • Converged Datacentre
      • Cloud Computing
      • Server Virtualization
      • Enterprise Storage
      • Data Management & Protection
    • Communication & Collaboration ^
      • Communication & Collaboration
      • Business Communications
      • Networking
      • Wireless
    • End User Computing ^
      • End User Computing
      • Desktop Management
      • Mobility
      • Application Delivery
    • Security
  • Products & Services ^
    • Products & Services
    • Managed & Packaged Services ^
      • Managed & Packaged Services
      • Managed Solutions
      • End User Support
      • Infrastructure Support
      • Software Management
      • Managed Print
      • Packaged Services
    • Professional Services ^
      • Professional Services
      • Program & Project Management
    • Support & Maintenance ^
      • Support & Maintenance
      • Imaging & Deployment
      • Ongoing Maintenance
      • Staffing
    • Asset Disposal & Recycling
    • Hardware & Software Management ^
      • Hardware & Software Management
      • Hardware
      • Software
      • Online Lifecycle Management (Emerge)
    • Financing
  • Industry ^
    • Industry
    • K-12 Education
    • Higher Education
    • Heathcare
    • Retail
    • SMB
  • Learning Center ^
    • Learning Center
    • Blog
    • Customer Stories
    • Events & Training
    • News & Awards
    • Resources
  • About ^
    • About
    • Our Story
    • Leadership
    • Our Offices
    • Our Partners
    • Careers ^
      • Careers
      • Current Opportunities
    • Green Initiatives
    • Community Involvement
  • Contact Us
IT Buzz Banner

Looking for a little inspiration, some ideas or trusted advice? We've got you covered.

How to Create an Incident Response Plan

Posted By Marc Perreault Director, Security Operations July 08, 2021

Microsoft Teams image 15

In part one of this blog, I outlined the reasons why organizations need an Incident Response Plan (IRP). Any organization that stores Personally Identifiable Information (PII) or private financial data needs to have a plan in place for when (not if) they are hit with a cyberattack.

Without an IRP in place, an organization targeted for a cyberattack can spend two to three days trying to figure out what needs to be done, who is responsible for what, and what needs to be communicated to whom. I have seen this firsthand and unfortunately this reaction only compounds the damage done by the attack. With a proper IRP in place, these issues will already have been worked out and the team can immediately get to work to mitigate the impact of the breach.

A collaborative approach to designing an IRP

One of my roles here at Compugen is to work directly with clients to help design an IRP that best fits their organization. Everything we do is based on recommended protocols from the National Institute of Standards and Technology Computer Security Incident Handling Guide (NIST 800-61). That being said, an IRP is not a one-size-fits-all proposition. The way we determine the best fit is by holding a private workshop with a tabletop mock cyberattack, walking through the various stages of what needs to be done.

You’d be surprised at how tricky even the simplest tasks can be when under the pressure of responding to a cyberattack. For example, one of the first things to be done when you’ve been breached is to create a data inventory of what is stored where in the system. I was once in a workshop with various members of the executive team and asked them if they had payment card information stored on their systems. Three of them gave me three different answers. One thought it was in the cloud, one thought it was stored on-premises, and another thought they didn't store it at all. This kind of disconnect about where secure data resides can be devastating in the first hours following an attack.

As another example, suppose you lost access to your contacts list on your phone and had to call a friend or family member from someone else’s phone. How many of your close contacts could you call simply by knowing their cell number off the top of your head? Judging from my own situation, I’m guessing it is very few, if any. Now suppose you are part of an organization that has been hit with a ransomware attack and has now lost access to the company directory. You need to communicate critical information to a list of people right away but how will you do it?

Simulated attack, real results

One purpose of the IRP is to have these pieces in place before you get hit. That’s why in the workshop we walk you through creating a data inventory. We will help you create a contact list with step-by-step directions for what needs to be done and when.

We will also guide you in assigning key roles to lead the team through the incident response. Let’s face it, not many organizations have designated cyberattack team leaders, and as a result, people don’t know whose instructions they should be following. This is probably the worst possible scenario that could arise and yet, it is all too common.

The workshop is usually held over two sessions with each session running about three hours. The break in between sessions ensures the team can complete some real-world assignments like creating an offline contact list and defining who the key team members are. We work with each client to ensure the IRP is tailored to their specific needs. At the end of both sessions, you will have peace of mind knowing your organization is prepared for any number of cyberattacks.

If you’d like to find out more about how an IRP can better protect your organization, feel free to drop me a line. I’d love to discuss it with you.

Security Cybersecurity Incident Response

< Previous Article

Top five things to consider before adopting hybrid IT

Next Article >

I’m ready to adopt hybrid IT – now what?

We address the bottom of the iceberg. Sign up and get relevant and timely content about our approach to business through an IT lens.

Navigation

Business Solutions

  • Industry
  • Datacentre & Cloud
  • Communication & Collaboration
  • End User Computing
  • Security

Products & Services

  • Managed & Packaged Services
  • Professional Services
  • Support & Maintenance
  • Asset Disposal & Recycling
  • Hardware & Software Management
  • Financing

Customer Stories

  • Corporate
  • Education
  • Energy and Utilities
  • Finance
  • Healthcare
  • Non-profit
  • Public Sector
  • Retail

About

  • Our Story
  • Leadership
  • Our Offices
  • Our Partners
  • Green Initiatives
  • Community Involvement
  • Awards

Careers

  • Working at Compugen
  • Current Opportunities

Contact

  • Find A Location

News & Articles

  • Find A Location
  • Awards

Client Login

  • Case Lookup
  • Emerge Login

Industry

  • K-12 Education
  • Healthcare
  • Higher Education
  • Retail
  • SMB

Connect With Us

  • twitter
  • facebook
  • linkedin
IT Buzz
  • Privacy Policy
  • Accessibility
  • Terms & Conditions
  • National Master Standing Offers (NMSO)
  • Terms of Product Sales
  • Terms for the Supply of Services

©2023, Compugen Inc. Website by Caffeine Creations.