Incident response plan and management: How to create a proactive plan

Author: David Grady

No business likes to think it is vulnerable to a cyber security attack. Yet Verizon’s 2021 Data Breach Investigations Report reveals that cyber attacks are occurring at an ever-increasing rate. The need for incident response management and a sound incident response plan has never been greater.

When it comes to incident management and incident response, organizations fall into one of two categories: those that take a “wait and see” approach and react once they become the victim of a cybersecurity attack, and those that place a high value on incident management and have an incident response plan in place before an attack occurs.

Without the proper incident response management tools in place, businesses tend to be less effective at incident response. They often spend more time trying to figure out what to do and who to contact, which can lead to more damage and higher costs per incident.

On the other hand, businesses that take a proactive approach to incident management have taken the time and effort to develop an incident response plan and view the plan as a living document that is continually stress-tested and updated. When a cybersecurity attack does occur — and eventually one will — these organizations tend to be more effective at mitigating the risks of, and dealing with, the incident. In other words, having an incident management plan can significantly increase an organization’s ability to thwart and deal with incidents.

How to improve your incident response plan

So how can you improve your incident management response? Here are three examples of proactive incident response steps every organization should take.

Identify stakeholders

To be positioned to respond quickly and efficiently to an incident, identify primary and secondary incident response stakeholders from relevant business units (legal, human resources, physical security, etc.), and delineate their roles and responsibilities in advance. This gives stakeholders time to ensure they understand what they need to do before, during, and after an incident. This also helps to ensure that the right incident response management tools are put in place.

Conduct training

Establish processes for educating the workforce about the importance of incident management (e.g. phishing awareness, monthly bulletins, annual training, etc.) and train stakeholders on effective incident response (e.g. annual mock incident tabletop exercises, technical training for the tactical incident responders, etc.). This helps an organization mitigate incidents and efficiently respond to them. It also helps to protect an organization’s data and reputation.

Hold a “lessons learned” meeting

Hold a “lessons learned” meeting immediately following an incident to find out whether you have the right incident management tools in place. This meeting provides an opportunity to debrief on your incident response by identifying what went well, what didn’t go well, and what can be improved. The outcome should include actionable items that will be used to update and improve the incident management process.

These are just a few examples of proactive incident management steps you can take. So what kind of organization do you aspire to be? One that spends valuable time and money trying to identify stakeholders and establish an incident management plan once you’ve already been a victim of a cybersecurity attack? Or one that proactively addresses potential incidents with an incident response plan to help effectively manage an attack and mitigate the damage?

Learn more about proactive incident response planning and how the Verizon Threat Research Advisory Center can help to ensure your organization has a sound incident management plan in place before a cybersecurity attack occurs.

David Grady is an ISACA-Certified Information Security Manager (CISM) and Chief Cybersecurity Evangelist at Verizon Business Group.