Developing an Incident Response Plan

One of the most important things that a business organization can do when it comes to IT security is develop an adequate incident response plan.  One of the most important components of such a plan is to provide training to all staff in the organization so that they will know what steps to take first of all whenever a security incident may have occurred. 

According to Dawn Morgenstern, who manages aspects of IT for the Walgreens drugstore chain, employees may be reluctant to follow protocols until they are absolutely sure there has been a breach.  This indicates a need to change the institutional culture.  Employees should not only thoroughly understand the incident response plan and receive periodic refresher training on it, but the business culture should also be adapted so that staff members do not fear for their jobs or promotion prospects should they report a concern that turns out to be a false alarm.

Another key component of an incident response plan is a clear protocol to be followed in order to document all actions taken in response to the incident, including the ways in which the intrusion has been investigated and the various notification efforts that employees have made, whether or not they followed the existing plan.  Only in this way can the plan be improved for the future.

Contracting with an IT consulting firm for project work is a sound way for businesses to develop or revise an incident response plan.


Whitepaper: 6 Do’s & Dont’s for Choosing the Right IT Service Provider