A complete and sophisticated incident response plan is essential for an
organization to refer to as a roadmap during a crisis. Without an incident
response plan, an organization may either fail to detect the incident or be
unable to apply a proper solution when a crisis happens. It is also vital to
run an incident response program with a set of exercises synchronized with the
incident response plan. Documentation should be available to key decision
makers so that they can refer to it and recover quickly from a crisis. Some
organizations have a dedicated incident response team, some outsource incident
response activities, and others use a hybrid approach in which some parts of
the plan, such as technical feasibility, are outsourced and the rest is
handled in-house.

A complete Incident Response Plan (IRP) has a sequence of actions and events
to be taken by individual stakeholders. Secondly, an incident response plan
includes response priorities, key stakeholders and their roles and
responsibilities, and templates to maintain business continuity.

List of stakeholders for the IR planning committee:

The incident response team is crucial; the number one reason why incident
response plans fail is the inadequacy of the incident response teams.
The key stakeholders for an incident response plan are IT Services, Security,
Legal, Human Resources, and Communications.

IT Services: All parts of the organization's IT Services team and the incident
response team need to have strong relationships. In general, the IT Services
team includes database teams, networking teams, developer teams and tester
teams. There may also be external teams involved in IT Services, such as
service and hosting providers. Both internal and external service providers
are crucial and should be taken into consideration when identifying incident
response teams.

Security: Incident responders expect ownership of every aspect of security in
order to recover from an incident. There should be a good route of
communication between incident responders, security management and other
security leadership. In this respect, security management is also a key
stakeholder of the response plan.

Legal: When any incident happens, it opens the door to many legal
considerations and questions. Decisions need to be made on which events are to
be reported and how significant an event is to report. Incident responders are
expected to be technical experts rather than legal experts, which means
incident responders must have a way to communicate with good lawyers.

Human Resources: Users are the number one and most frequent cause of security
incidents. Organizations are more vulnerable to security incidents because of
their users. The incident response team needs to handle this in a sensitive
and correct way, and should work closely and engage with HR. There should
be some communication and ad-hoc links to be provided to the users when incident

Communications: Incident details reach the public very easily and quickly. So,
it is important that incident response team members stay continuously in touch
with the organization's Public Relations or Communications team and provide
only the necessary information instead of revealing everything to the public
and panicking users. The Communications or PR team has expertise in dealing
with publicly sensitive matters. Users or customers are important to any
organization, so this should be handled sensitively. Hence this should be an
important step in identifying the incident response team.