Survival of the Fittest – Incident Response Planning

In this “assume breach” world, survival usually means having a response plan in place before an incident occurs. Matthew J. Scwartz, Executive Editor of DataBreachToday, asked seven cybersecurity experts how organizations can better detect, defend, and mitigate cyber attacks; the overwhelming responses revolved around incident response plans. Given that you will not detect an attack if you cannot see it, investing in intrusion detection and monitoring is fundamental to being able to respond timely. However, once an attack has been detected, those practiced and validated incident response plans guide mitigation and recovery efforts. It is also important to remember that incident response plans are not developed in a silo by a single department, but include internal and external stakeholders who need to be involved in the plan. Learning lessons from other breaches is also valuable; assessing previous breaches are great during tabletop exercises or workshops. Whether the incident is due to a cyber attack, an emergency, or a natural or man-made disaster, developing plans is the key to recovering effectively. Read the post at Bank Info Security