Importance of Incident Response Plans

Have you ever imagined what will happen if something unexpected happens at your work place such as virus attacks to the entire computer network and suddenly you do not have resources available to perform your daily tasks? Well, I was thinking about this today and it will be very hard for me if my laptop crashes and I loss the access to all my emails and documents in it.

Incident response (IR) plans are essential in disaster recovery and business continuity as they give added protection to sensitive company data. However, many companies lack these features of having the step-by-step process of responding to data security breaches. Many business organizations may think that the IR plan doesn't serve any significant purpose and hence, they give major focus on recovering from disasters and keeping critical business systems and processes running during a disaster.

The complexity and targeted nature of attacks has continued to increase, the number of compromised records is rising, and organized crime is surfacing more often. Hence, having a solid data breach response plan in place can make the threat of a security breach less intimidating. Incident response plan, if utilized correctly, will outline who, what, when, where and how to respond to data security breaches. Imagine how useful and time saving effort it can be to troubleshoot some incident which had occurred in past we have all the documents available along with the name and contacts of the each individual who were involved to find a fix.

I do not know if the company I work for has listed incident response procedures in the information security policy, probably this is because I did not give more attention reading the paragraphs in tiny fonts of the big paper works they gave me to read and sign when I was hired. Well, I should definitely review that section of the policy and to find out if there are plans and procedures related to incident response with management buy-in to effectively protect the organization against incidents and cyber security attacks.

An Incident Response Plan (IRP) is needed because attacks frequently compromise data within organizations. The goals of an Incident Response Plan include:

• Verify that an incident has occurred

• Maintain or restore Business Continuity

• Reduce the impact of the incident

• Determine attack vectors and how the incident occurred

• Prevent future attacks/incidents

• Improve the organization’s security posture

• Keep managementinformed and follow proper chain of command procedures

By having a successful Incident Response Plan in place, organization can proactively mitigate incidents before occurring and can react quickly and effectively when incidents occur. Without an adequate Incident Response plan, organization can face massive loss of time and cost, valuable data and more importantly loss of customers’ trust to cyber security attacks without methods to mitigate, contain, eradicate, and remediate incidents.

References:

Beaver, K (n.d.). The importance of incident response plans in disaster recovery. Retrieved April 1, 2015 from http://searchdisasterrecovery.techtarget.com/tip/The-importance-of-incident-response-plans-in-disaster-recovery  

Enterprise Risk Management (2012). Building a Successful Incident Response Plan. Retrieved April 2, 2015 from http://www.emrisk.com/knowledge-center/newsletters/building-successful-incident-response-plan