Quick Hits

What's Essential in an Incident Response Plan? Security Leaders Weigh In

A new report examines the must-have components of a security incident readiness and response playbook.

Security leaders understand the need to build defenses and develop policies to reduce the risk and potential impact of a cyberattack, but many fail to test those defenses. 

A benchmark report from the Information Security Forum finds 74% of respondents do not subject critical systems to attack simulations, which can severely hinder incident response (IR) as businesses have not prepared for how to react to a security incident. By simulating specific attack scenarios, organizations can gain insights into how effective their response would be.

Building a comprehensive incident response plan or playbook should start with a vision for the IR practice, according to Eric Ahlm, Senior Research Director at Gartner.

The document should contain the following components:

  • IR mission statement: This rationalizes the need for an IR plan
  • Roles and responsibilities: This explicitly names who is involved in the IR plan and their reason for being there
  • Scope of incident declaration: This states what type of situations are within the scope of declaring an incident, and which are not

A new Dark Reading report, "Incident Readiness and Building Response Playbook", offers insights and tips for building and testing an incident response plan.

The full report can be accessed here.