Incident Response Plan
In the age of rapidly evolving technology, it is important for all businesses, large or small, to have an incident response plan (IRP) set in place in the event of a cyber-attack. The idea of an IRP is based on preparing for and responding to unforeseen, negative events that may affect a business or organization. Today, it is more of a question of when these cyber-attacks will occur rather than if they will occur. The IRP incorporates many fundamentals to help in these instances, such as, prevention, preparation, planning, incident management, recovery, mitigation, remediation, post incident analysis, and lessons learned. It is recommended that XYZ Retail Company implement the following guidelines to best prepare for a cyber-attack. The
…show more content…
The Executive and Board of Directors may receive some form of notification whether through an alert or directly from an employee whose computer is not acting correctly. Once an event is deemed and incident, it is crucial to identify the source and type of incident so that proper response actions may begin. The IRT should be notified and informed of the findings thus far so that the team may begin their response process. Also, if the source or type of incident seeks legal attention, it is best to contact law-enforcement early in the process to begin investigations. Correspondingly, it is recommended to begin documentation as early as the first notification and document each step of the process to follow because it will help significantly …show more content…
With that being said, the plan needs to be practiced and tested regularly in order to detect flaws or just simply to improve timeliness. Technology evolves so quickly that these plans must stay up to date as well. References
N., & C. (2010, October 9). Recommended Practice: Developing an Industrial Control Systems
[PDF]. US Department of Homeland Security.
ODell, P. L. (2014). Cyber 24-7: Risks, Leadership, Sharing. Place of publication not identified:
Createspace Independent.
Spidalieri, F. (2015) Fundamentals of Cybersecurity for Managers, Management of Cyber
Opportunities and Threats. Burlington: Jones & Bartlett
The Executive and Board of Directors may receive some form of notification whether through an alert or directly from an employee whose computer is not acting correctly. Once an event is deemed and incident, it is crucial to identify the source and type of incident so that proper response actions may begin. The IRT should be notified and informed of the findings thus far so that the team may begin their response process. Also, if the source or type of incident seeks legal attention, it is best to contact law-enforcement early in the process to begin investigations. Correspondingly, it is recommended to begin documentation as early as the first notification and document each step of the process to follow because it will help significantly …show more content…
With that being said, the plan needs to be practiced and tested regularly in order to detect flaws or just simply to improve timeliness. Technology evolves so quickly that these plans must stay up to date as well. References
N., & C. (2010, October 9). Recommended Practice: Developing an Industrial Control Systems
[PDF]. US Department of Homeland Security.
ODell, P. L. (2014). Cyber 24-7: Risks, Leadership, Sharing. Place of publication not identified:
Createspace Independent.
Spidalieri, F. (2015) Fundamentals of Cybersecurity for Managers, Management of Cyber
Opportunities and Threats. Burlington: Jones & Bartlett