March 10, 2022
You’re Protected, But You Can’t Get Into The Washroom?
Your company has taken the time to create a comprehensive Incident Response Plan (IRP), and the team is confident their ability to detect and respond to evolving cyber threats. This weekend, the team is going to head into the office and do a run through to ensure there are no flaws in the IRP. The mock response team is working well together, and decide to take a break. It is only then that one of the team members realizes the bathroom is locked and they can’t get in. That will make for a long 8-10 hours of testing without any access to the washrooms.
Note to the team: Include custodial contacts in your IRP.
This is a true story, and a great reminder to not only build an effective IRP but to also test out your plan, do it in the most inconvenient way possible and identify where the gaps lie. Does the custodial team REALLY need to be included on the Incident Response Plan, or does a secondary asset need to be created to serve as a step by step guide to outline every step of not only the IRP but the operational steps as well. Let’s break down what this may look like.
It’s best to find out things like “you can’t use the washroom” during a drill as opposed to the real crisis day.
An incident response plan is a set of instructions to help IT and executive staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten productivity. A sufficient incident response plan offers a course of action for all significant incidents. Some incidents lead to massive network or data breaches that can impact your organization for days or even months. When a significant disruption occurs, your organization needs a thorough, detailed incident response plan to help IT staff stop, contain, and control the incident quickly.
Don’t forget the Playbook.
On the other hand, a playbook is also a valuable asset to have during a crisis. An incident response playbook empowers teams with standard procedures and steps for responding and resolving incidents in real time. A playbook is a more step by step guide encompassing all aspects of the business when under duress. Its target audience is generally for the system admin when they are amidst an incident, they are under stress and pressure, and they can’t contact people easily. It outlines step by step what the person should do. This step by step guide is very specific, and the general audience is much smaller.
An IRP serves as your fire escape plan, and the playbook serves as step by step guide to escaping the fire safely. And one thing to remember, if you are storing your IRP on a digital database, ensure there is an accessible hard copy somewhere to ensure the process can still be accessed.
Ensure you have operations represented in your plan. We know that for IT, it is important to prioritize security and confidentiality, but from an operations perspective the priorities are performance and safety. Is OPS represented in your IRP? You can ensure ops is protected by first completing an asset inventory checklist, and then creating an effective IRP for operations by accessing our interactive worksheet, and finally be sure to add it to your organizations IRP.
Wondering if your business needs an IRP? Let us leave you with this: If your network hasn’t been threatened yet, it will be. If it has, then you know the chaos that can follow a cyber attack. Whether a threat is virtual (security breaches) or physical (power outages or natural disasters), losing data or functionality can be crippling. An incident response plan and playbook can help you mitigate risk and prepare for a range of events.