• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Hartman Executive Advisors

Hartman Executive Advisors

Business & IT Strategy Consulting Firm

  • Business Strategy Consulting
  • IT Management Consulting
  • IT Strategy Consulting
  • Risk Management Consulting
  • Telehealth
  • About
    • Careers
    • Community
    • Our Team
    • Testimonials
  • Services
    • Business Strategy Consulting
      • CIO Consulting Services
      • CISO Consulting Services
      • Interim Executive Placement Services
      • M&A Advisory
      • Telehealth Consulting Services
      • IT Coaching & Mentoring
      • Organizational Development
      • Process Engineering
    • Risk Management Consulting
      • CMMC Compliance Services
      • Cyber Risk Assessment
      • Governance, Risk and Compliance
      • Incident Response Planning
      • IT Due Diligence
    • IT Management Consulting
      • Change Management
      • IT Portfolio Management
      • Vendor Selection & Management
    • IT Strategy Consulting
      • Core Banking System Selection
      • FinTech Consulting Services
      • IT Strategy Assessment
      • Software Evaluation
      • Software Selection
      • Virtual Event Technology
  • Industries
    • Construction
    • Education
    • Financial Services
    • Government Contracting
    • Health & Human Services
    • Manufacturing, Retail & Distribution
    • Nonprofit & Association
    • Real Estate
    • State & Local Government
  • Resources
    • Blog
    • Case Studies
    • eBooks
    • Executive Technology Survey Results
    • Maryland CIO Roundtable
    • Speaking Engagements
  • Contact Us
(410) 587-0064 Request a Consultation
(410) 587-0064 Request a Consultation

How to Create an Incident Response Plan

June 15, 2020 by The Hartman Team

An incident response planAn incident response plan can help staff more effectively detect, respond to and recover from cybersecurity incidents. It focuses on looking ahead and having a concrete strategy and game plan in place that key staff can use in the event of a security breach.

What Is an Incident Response Plan?

An incident response plan is essentially a set of instructions designed to address various cybersecurity threats, such as data loss, service outages, cyber crimes and other events that could negatively impact normal business operations. It generally consists of six main phases that outline important terms that need to be addressed in the event of an incident.

Incident Response Plan Steps

Preparation

The first and most important step in creating an incident response plan is the preparation phase. To ensure that their business remains protected, it is important for employers to properly train all employees regarding their roles in the plan. Each employee should know and understand their responsibilities in the event of a data breach or other cybersecurity incident. Employers should also take the initiative to create incident response drill scenarios and undergo mock data breaches. Finally, employers must ensure that all aspects of their plan are fully funded in advance to allow for a smooth and rapid recovery following a cyberattack.

Identification

An incident response plan can help effectively address a cybersecurity issueTo effectively address a cybersecurity issue, businesses must be realistic about where the weak points are within their systems. The identification phase of an incident response plan aims to determine whether or not a business has been breached and where this cybersecurity event originated. When creating an incident response plan, business leaders should address when the event occurred, how it was discovered, who discovered it, the scope of the compromise, how the incident has impacted operations, whether or not the source of entry has been detected and if any other areas have been impacted.

Containment

When cybersecurity incidents occur, many businesses make the mistake of simply wiping their systems clean of all data. This not only eliminates important evidence that could be used to deter future cybersecurity incidents, but it also causes delays which can extend the time needed for businesses to return to normal operations. The purpose of containment is to stop the effects of an incident before it can cause further damage, without losing any compromised data forever. Having a backup system in place is only the first step. Businesses should also review their remote access protocols, harden their passwords, review their multi-factor authentication and confirm that all administrative access credentials are secure.

Eradication

While containing the incident at hand is an important step in an incident response plan, businesses must also determine the cause of the breach. If a business fails to determine the root cause, there is a high chance that the incident could occur again in the future. Eradication involves a series of strategies, such as patching systems, removing malware and applying updates. This can be accomplished by employees or performed by a reputable third-party. Once the cause of the incident has been eliminated, businesses can move onto the next phase of the plan.

Recovery

minimize downtime with incident response planTo help minimize downtime and help ensure that cybersecurity threats do not continue to threaten the daily operations of a business, it is important to include a recovery phase in the incident response plan. This recovery phase should focus on restoring any affected systems back to a stable business environment. During recovery, businesses should have the ability to get their systems back up and running without fear of another cyber-attack. When creating this phase of the plan, it is important to consider when systems can be recovered, can a trusted backup be used, how long the affected system should be closely monitored and what tools are in place to help prevent a similar incident.

Review and Implementation

Once an incident response plan has been created, the final steps involve the review and implementation of the plan. The sooner that an incident response plan is implemented, the safer a business will be against certain cyber threats. It is always a good idea to seek the expertise of a risk management firm experienced in cyber risks. Having a risk management consulting team can be used to plan and implement solutions for all types of cybersecurity issues.

Speak to the Risk Management Consulting Firm Today

Businesses in all industries are susceptible to cyber-attacks. It is important for companies to be prepared for if and when these incidents occur by having a thorough incident response plan in place. For more information or for help creating an incident response plan, reach out to Hartman Executive Advisors.

Filed Under: Risk Management Consulting

Primary Sidebar

Types

  • Article
  • Press
  • Vlog
  • Webinar

Topics

  • COVID-19
  • Cybersecurity
  • Featured
  • Hartman News
  • Health & Human Services
  • Interim Executive Placement
  • IT Due Diligence
  • IT Management
  • IT Strategy
  • Leadership
  • Mergers & Acquisitions
  • Risk Management Consulting
  • Strategic Services
  • Systems & Software
  • Telehealth

Related Blogs

corporate governance officer is activating GRC

Benefits Of Governance, Risk & Compliance

November 22, 2021

Governance, risk and compliance (GRC) are three disciplines that can help ensure that a company meets its objectives. This structured approach aims to[...]
Read More

governance risk and compliance concept represented by wooden letter tiles

What Is Governance, Risk & Compliance?

November 15, 2021

Governance, risk, and compliance, or GRC for short, refers to a business’ strategy for managing a broad range of issues relating to corporate [...]
Read More

cyber hacker on a computer

This Holiday Season, Watch Out for Unexpected Gifts

December 11, 2020

Despite a particularly difficult year, there are still many “Grinches” out there seeking to cause harm in the form of cybercrime. At Hartman, we[...]
Read More

Footer

It's Time to Reach Out
Are you ready for independent IT Leadership?
Contact Us

Hartman Executive Advisors

1954 Greenspring Drive Suite 320 Timonium, MD 21093
410-587-0064

Services

  • Business Strategy Consulting
  • Risk Management Consulting
  • IT Management Consulting
  • IT Strategy Consulting

Resources

  • Blog
  • Case Studies
  • eBooks
  • Executive Technology Survey Results
  • Maryland CIO Roundtable
  • Speaking Engagements
Sign Up for Our Newsletter
Subscribe to Hartman Executive Insights
  • This field is for validation purposes and should be left unchanged.

© 2022 Hartman Executive Advisors · Powered by 321 Web Marketing · Website Privacy Policy & Terms of Use