INCIDENT RESPONSE PLANNINGIncident response is the systematic approach in which an organization handles a cyber incident or a breach. At a minimum, every organization must have a clear and comprehensive incident response plan outlining roles and responsibilities, process and procedures in the event of a cyber incident. Every person involved in executing the incident response must be trained and should have participated in a series of tests of the plan.
An incident response plan should ideally contain:
- Definition of an incident
- Guidelines in terms of process to be followed depending on the type of incident.
- Procedures for incident handling and reporting.
- Procedures for investigation, reporting, communications.
- Procedures of containment, eradication and recovery.
- Once the incident is fully addressed, remediation process for future to ensure that such an incident does not recur.