    Security Incident Response Plan – Part 1

    Background:
     
    Cyber-crimes, and the annual costs they impose on businesses, are rising year over year. In 2017, the average cost of a data breach alone in North America was $1.3 million for enterprises and $117,000 for small and medium-sized businesses (SMBs), according to a report from Kaspersky Lab.
     
    So what can an organization do to reduce its risk? The most common response is to recommend technology overkill, whereas risk is mostly addressed with a balance of intelligent security tools, governance practices and focused training of team members.
     
    In this article, I will explain the most important and vital plan to keep in place, one that helps organizations and security incident response teams (SIRTs) stay well prepared and organized for handling security incidents effectively.
     
    Security Incident Response Plan:
     
    Usually referred to as the SIRP, it is a plan developed, reviewed and implemented by the security in-charge to handle security incidents.
     
    At a high level, the SIRP should include:
    1. Security Incident Response Plan Policy
    2. Security Incident Response Plan Testing Procedure
     
    It is commonly known that with a well-defined, published and acknowledged policy it is hard for an employee to deny wrongdoing, because you hold signed papers showing that they reviewed the existing policies.
     
    So let’s start with the Policy.
     
    Security Incident Response Plan
     
     
    The following section is not uniform and may differ from organization to organization, depending on each one’s own format for drafting policy.
     
    • Executive Statement
    • Purpose
    • Scope
    • Cancellation or Expiration
    • Roles & Responsibilities
    The SIRP policy should include, but is not limited to:
     
    • Service or Product description
    • Contact Information (contact information for dedicated team members to be available during business / non-business hours should an incident occur and escalation be required)
    • Triage
    • Identified Mitigations & Testing
    • Mitigation & Remediation Timelines
    The SIRP Policy must also reference the documents below:
     
    • Security Incident Response Plan & Testing Procedure
    • Security Incident Identification & Severity
    Conclusion:
     
    In this article we covered the importance of security incident handling and how to start with the policy document. I will soon publish Part 2 of this series of SIRP articles, which will give insight into preparing the SIRP Testing Procedure: the actual plan for preparing security teams and carrying out a SIRP test.