Fourth Mistake: Poor Incident Response Planning
For most organizations, the term “incident response plan” can cover a lot of ground. A proper incident response plan (IRP) determines who is responsible for what areas of the organization both during and after an ‘incident’. Too often we find organizations that have not properly implemented a plan for cybersecurity breaches… until they encounter one.
When an organization lacks a proper IRP, it leaves itself open to legal issues in the event of a security breach. Whether that breach is caused by a malicious actor or by a misconfiguration error that leads to a leak, it helps to know what the response plan is before you encounter the issue. After a breach is handled, you will be asked “what was your response plan, and how will that change in the future?”
“The right kind of plan is a plan that is focused not on the detail of the process, but more on identifying the people who were going to run the process and then giving them the discretion to tailor the process to the particular event in a way that makes sense.”
Organizations like to load up their IRPs with procedures, which slow down the actual incident response. Instead, you can have a great incident response plan that is only three or four pages long; very, very simple. Get the right people in place and then trust them to make the right decisions in the context of the particular event.
The easiest way to figure out the right balance of procedure, legality, and responsibility is to consult with someone familiar with the processes. Idenhaus has years of experience that can help craft an IAM security solution for any organization.