-
Home
-
Knowledge Base
-
David J Steele
- IT Security Incident Response Plan
Knowledge Base
IT Security Incident Response Plan
Both companies and individuals should have an IT Security Incident Response Plan. In a corporate environment, employees, vendors, and contractors need to know how to quickly report an incident to the correct people to respond and address the situation.
What is considered an “incident”?
An incident can be an occurrence, condition, or situation arising in the course of work that resulted in or could have resulted in:
- Loss of data, compromise of account information, exchange of PII information, unauthorized network access,
- Phishing scam, email spoofing, or social attempt to collect information.
It is essential to understand that reporting an incident, even if you did not fall for the situation, allows the IT Department to be aware and use it to make others aware of the technique being used by cybercriminals. This increases awareness through the entire company and educates other staff that might not be as cyber-aware of the threats.
With cybercrimes continuously rising in record numbers, we cannot assume we are safe and must continue to communicate and educate everyone in the organization of the dangers and that we are all targets. Sometimes, the savviest technical users are tricked with basic techniques because it becomes almost normal behavior.
The facts are scary. With over 70% of companies in the education, research and medical industries and over 50% of IT firms being directly affected by cybercrimes, we must stay diligent; we need to keep our employees aware of current and possible threats to our organization’s systems and information.
How to build an effective and proactive IT Security Incidence Response Plan
Building an effective IT Security Incidence Response Plan involves a proactive approach. Intrada recommends the following:
- Identify and appoint staff to a Center Security Team (CST). These individuals will be the single team to respond and be aware of all incidents and situations accordingly.
- You must communicate all incidents and situations immediately to the CST. It is then the responsibility of the team to place additional security protocols to prevent the problem from reoccurring, monitor networks for related activity and notify internal staff or send out client-wide notices with specific information.
- Engage in the response phase. Intrada breaks down the response phase into four sub-categories: detection, analysis, recovery and post-incident. The response phase includes when the incident was first observed. The response phase time is based on the priority of the incident.
- Response Phase 1: Detection (when and where the incident was first observed)
- Response Phase 2: Analysis (determining the type of threat - accidental, internal, intentional and impact – from no effect to high impact)
- Response Phase 3: Recovery (bringing affected systems back online and restoration or recovery efforts)
- Response Phase 4: Post-incident (within two weeks of the incident the CST should discuss lessons learned)
The simple rule of incident notification is contacting the CST when staff experience or observe any unauthorized activity that attempted or succeeded in accessing any information. The CST will then review the incident and handle the next steps in the process.
To report an incident, contact the Intrada Help Desk using the online Help Desk System or by calling 800-858-5745. The help desk team will route any incidents to the Intrada CST for review and follow-up.
Cybersecurity Awareness Poster
 |
Click here for a cybersecurity awareness training poster that Intrada Technologies clients may print and post to meet cybersecurity insurance requirements. |
About the author
|
Contact Information: |
Hours of Operation: |
OUR FOCUS
Intrada Technologies is a full-service web development and network management company with a focus on creating ongoing, trusted partnerships with each of our clients.
We make sure our clients have what they require to run their businesses with maximum efficiency and reliability, as many of their needs are mission-critical.
Our unique, collaborative partnerships allow us to provide our clients with the assurance that we will be there when they need us.