In no more than 200 words, please identify the core components of a cyber incident response plan. What groups / functions need to be involved in your cyber incident response? Write in detail in your own analysis.
The core components of a cyber incident response plan:
1. PRACTICE MAKES PERFECT: Regardless of the specific details of your IRP, it’s only half the equation for success. Your enterprise and your incident response team need to practice the procedures laid out in your IRP so that they’re prepared for an actual security event. Practice also allows you to evaluate where your incident response plan is strongest and weakest, and therefore where reinforcement is necessary.
2. THE CHAIN OF COMMAND IN YOUR INCIDENT RESPONSE TEAM: Keep in mind that there should be a proper way to respond. They should never do the following things:
Quick! A security breach is happening! Your IT team leader is evaluating the situation and directing the response! Wait no! The CISO needs the team to deal with the threat differently! Wait! Drop everything! The CTO has come in and is barking orders!
3. PROCEDURES AND PLANS THAT FIT YOUR ENTERPRISE'S NEEDS: Always use the kind of plan that fulfills your needs, rather than thinking "that enterprise uses that plan, so we should follow that plan." If you have that kind of mindset, maybe your enterprise will sometimes profit, but there is a big chance of being affected.
4. HONESTY IS THE BEST POLICY: The most important part is your policy. Every IRP should have external communication policies that are clear, immediate, and consistent for alerting your customers, relevant regulatory bodies, and investors of a cyber security event.
Groups / functions that need to be involved in your cyber incident response:
Incident Response Planning has proven to be most effective to help organizations respond to incidents when at least three distinct functions are in place: