“Plans are Useless, but Planning is Essential”

This quote is attributed to Dwight D. Eisenhower, who was the Supreme Commander of the Allied forces in Europe during World War II and served as the 34th president of the United States.?He understood the value of creating a plan, as well as the fact that plans can’t take every contingency into account.?In other words, Eisenhower believed that once the first shot is fired in a battle, a plan must evolve.

An Incident Response Plan, or IRP, should be a key component to keeping your company or agency safe during an emergency.?This is true regardless of whether the threat is physical or cyber based.?A well written IRP is approved by senior leadership and ideally, has been tested through a simulated attack, or tabletop exercise.?Incident Response Plans don’t have to be 200-page documents (in fact, they shouldn’t be), and should contain basic directions for staff to follow, such as:

• Preparation and training, so that staff knows what to do in case of an incident.?
• Detection and analysis procedures to confirm an incident has occurred.?
• Standardized reporting and logging tools/forms.
• A process designed to triage the incident and determine what the initial response should be.
• Plans for containment, so that the impacted host, file or system can be identified and isolated.
• An escalation path, including the names and emergency contact information of key partners, so that the incident can be reported to local, state and federal agencies, requesting the expertise and resources to create a coordinated response (depending on the severity of the incident itself).

After an incident, it will be important to hold a formal retrospective meeting with the response team, to see what worked and what needs to be improved.?It is important that these sessions are blameless and focus on processes NOT people.

If your company or agency needs assistance in developing an Incident Response Plan, please contact Tek Works.?We can help.