When a breach is discovered, there is a flurry of tasks to be assigned and completed before the environment returns to normal operations. Thankfully, a good portion of this communication and recovery plan can be laid out ahead of time. Having a game plan ready, with accessible resources, will expedite recovery efforts if you are faced with a security incident.
Identify and document contact information for everyone on the recovery team. Ensure these resources understand their assigned role and responsibilities.
- Designated Incident Commander/Lead
- Third-Party Responder, Cyber Insurance…..
Resources for Investigation
Identify and maintain tools that show what’s vulnerable in the organization and how things looked before the incident. Ensure a team member is identified and trained to manage your monitoring and alerting system.
- Backups of Important Data
- Network Diagram and Asset Inventory…..
Communicate Existing Plans
Every user should understand their role in maintaining the organization’s security. Communicate Incident Response and Disaster Recovery plans to everyone listed, and give end-users a convenient place to report system anomalies.
- Run Quarterly Incident Response Tabletops with the IR team…..