Incident Response Planning

Published on: June 13, 2018

Tasks

  • Review the exiting Incident Response Plan
  • Review current tools and capabilities – ability to prevent, detect, investigate and
    respond to an incident.

    • Asset inventory of high value and critical assets
    • Vulnerability and patch management, including malware detection
    • Network perimeter and topology, including egress monitoring
    • Security Information and Event management
    • Digital Loss Prevention strategy
    • Penetration testing, security assessment and audit
  • Engage the Crisis Management team to ensure alignment
  • Ensure alignment with Business Continuity, Disaster Recovery and Availability Planning
  • Engage with an external consultant to review and provide guidance of our plan
  • Ensure there is a section on crisis communications, including review of legal
    requirements (external Consultation)
  • Evaluate Cyber Insurance and the alternative for retaining specific skills needed in event
    of a significant incident
  • Develop a program around a table top exercise(s) and walk-through drill/simulation
    test (external vendor)
  • Provide input into Information Security Awareness Program
  • Conduct post-hoc reviews of measures taken in response to digital emergencies and / or
    breaches concerning digital assets and their remediation, and based on these, make
    recommendations for future responses (Determine root cause and document lessons
    Learned)