Security leaders understand the need to build defenses and develop policies to reduce the risk and potential impact of a cyberattack, but many fail to test those defenses.
A benchmark report from the Information Security Forum finds that 74% of respondents do not subject critical systems to attack simulations. This can severely hinder incident response (IR), because these businesses have not prepared for how to react to a security incident. By simulating specific attack scenarios, organizations can gain insight into how effective their response would be.
Building a comprehensive incident response plan or playbook should start with a vision for the IR practice, according to Eric Ahlm, Senior Research Director at Gartner.
The document should contain the following components:
- IR mission statement: This rationalizes the need for an IR plan
- Roles and responsibilities: This explicitly names who is involved in the IR plan and their reason for being there
- Scope of incident declaration: This states what type of situations are within the scope of declaring an incident, and which are not
A new Dark Reading report, "Incident Readiness and Building Response Playbook", offers insights and tips for building and testing an incident response plan.