Common Pre-Breach Cybersecurity Mistakes, Part Four: Poor Incident Response Planning

For most organizations, the term “incident response plan” can cover a lot of ground. A proper incident response plan (IRP) determines who is responsible for what areas of the organization both during and after an ‘incident’. Too often we find organizations who have not properly implemented a plan for cybersecurity breaches… until they encounter one.?

When an organization lacks a proper IRP, they leave themselves open to legal issues in the event of a security breach. Whether that breach is a malicious actor or a misconfiguration error that leads to a leak, it helps to know what the response plan is before you encounter the issue. After a breach is handled, inevitably you will be asked “what was your response plan, and how will that change in the future?”

Organizations like to load up their IRPs with procedures, which bog down the actual incident response time.?Instead, you can have a great?incident response plan?that is only three or four pages long; make it very simple. Get the right people in place and then trust them to make the right decisions in the context of the particular event.

The right kind of plan is a plan that is focused not on the detail of the process, but more on identifying the people who were going to run the process and then giving them the discretion to tailor the process to the particular event in a way that makes sense.

The easiest way to figure out the right balance of procedure, legality, and responsibility is to consult with someone familiar with the processes. Companies like Idenhaus?have the experience and knowledge that can help craft an IAM security solution for any organization.