Incident response is an area of cybersecurity that many people feel uncomfortable discussing. It’s difficult to fathom that even with considerable investment in qualified staff and robust defenses that your organization could still be the victim of a cyber-attack. This line of thinking can cause C-level executives to question the investments in cyber security and be skeptical of future investment. Before writing off incident response planning because of your organization’s current security posture, consider what your reaction would be if your organization was hit with the next WannaCry ransomware attack.
Creating your incident response plan while responding to a cyber security incident creates a situation ripe for disaster. Not knowing who the incident handler is can lead to circular discussions on who is spearheading the response, not understanding what data needs to be saved for forensic analysis results in drives being restored from backups, and not having communication throughout the process eliminates the possibility of good information sharing. This results in people going different directions with no unified goal.
A detailed Disaster Recovery plan addresses these issues and gets everyone moving in the same direction. The incident handler gets the right people into position and manages resources to ensure that responders are working towards the same goal. Having administrators and technicians understand what data needs to be retained allows you to analyze the initial compromise after you are out of down time.
Having communication flow from a single point of contact provides a unifying voice for responders and allows them to focus on the response instead of creating unproductive communication. Implementing this style of plan keeps everyone informed of what needs done, who is doing it, and who is communicating what is going on.
Starting from scratch on creating your plan can be a daunting task. Cisco provides a helpful guide on creating an incident response plan. Think of this guide as the outline to your first draft of your new plan.