Dell SecureWorks has a great guide to minimizing the impact of a security breach. Their first tip is about having a plan in place should a disaster strike. We are sharing this tip and their recommendations with our blog audience because it is a conversation we have with our clients frequently. No matter the size of your company, it is important not only to have a plan in place should your network and data be compromised, but also to test the plan regularly. From Dell:
Have a Computer Security Incident Response Plan in place before you need it
Problem: Many organizations don’t have a basic Computer Security Incident Response Plan (CSIRP) in place. If a plan is in place, it is not regularly tested and revised.
For any organization serious about effectively responding to a security breach, we recommend IT and IT security professionals develop and test a Computer Security Incident Response Plan based on best practices.
- Establish a Computer Security Incident Response Plan: Establish a CSIRP that is compliant with the organization’s applicable mandates (i.e., PCI/PFI, NIST, HIPAA, etc.) and addresses the specific requirements of the overall organization.
- Test your Incident Response team: Routinely test the CSIRP to assess procedures, identify gaps in execution and evaluate your team’s proficiency in responding to a security breach. Testing should include multiple breach scenarios that address both commodity and targeted attacks.
- Address Distributed Denial of Service (DDoS) attacks in your plan: If your critical business operations rely on your connectivity with customers from the Internet, ensure DDoS is addressed in your plan. Make sure recovery planning is rehearsed and stress tested, and can be implemented in close coordination between IT and IT security staff. Consider subscribing to a DDoS protection service, if necessary.
Why it’s so important: The CSIRP is the master document to help organizations plan for the contingency of a security breach. The document defines the roles, responsibilities and procedures of the Incident Response function within the organization. In essence, the document formalizes the Incident Response function within the organization and within the security stack.
Have questions or need some guidance on establishing a plan? Contact us at Great Lakes Computer for help.