A good and acceptable response policy should contain the following:
- Clarity about the portfolio of products/services the company is offering.
- Determining responsibility: knowing who is authorized to remove/contain a compromised system, and what impact that removal has on the availability of the higher-level functions that depend on it.
- Prioritising the needs of the organisation. Examples: the COO's goal would be to set up a response team to get business operations back on track, with services/products available to meet business requirements; the legal counsel may prioritise the investigation of the incident and the collection of evidence. This can also include assessing these situations and fleshing out arrangements to tackle the response, or in the archives that are identified.
- Assessing the organisation's level of tolerance is also key.
Subsequently, the draft presentation should also address when the company consults its legal counsel, its cyber risk insurance provider and the public relations team to communicate with stakeholders/customers.
According to best practice, it is advisable to use the six-step framework while building a company-specific plan. The steps in the framework are as follows:
- Prepare: The company's emergency response task force needs to be fine-tuned to face any incident. There needs to be a defined security policy that can be implemented. The security policy usually covers acceptable use of data, security breaches, and the definition of an incident that qualifies for activating the plan.
- Identify: Defining the criteria that flag a security risk. This can also include the cumulative steps/circumstances that trigger the risk. It can cover any risks within information systems or even inventory management systems.
- Contain: How the threat can be restricted. The company's incident response policy should encompass steps to be taken immediately and steps to restrict the risk in the long run. Immediate steps can include backing up data and preventing the spread of the risk. Long-term containment usually includes helping systems and processes recover and return to normal so that business operations are restored.
- Eradicate: Bringing in a process to restore all affected systems; removing any traces of the security bug/security issue that caused the incident; and updating system security and installing the necessary updates to prevent similar incidents in future.
- Recover: Verifying processes to ensure they are free from any errors that could cause new security incidents in future. Initiating systems and procedures to bring business operations back to full normalcy (continuing business growth as normal).
- Learn: It is very important for any company to learn from previous mistakes/errors. The company should update its procedures, including guides for incident/risk management, to tackle any such risks in future.