What's Essential in an Incident Response Plan? Security Leaders Weigh In

A new report examines the must-have components of a security incident readiness and response playbook.

Dark Reading Staff, Dark Reading

July 30, 2021

1 Min Read

Security leaders understand the need to build defenses and develop policies to reduce the risk and potential impact of a cyberattack, but many fail to test those defenses. 

A benchmark report from the Information Security Forum finds 74% of respondents do not subject critical systems to attack simulations, which can severely hinder incident response (IR) as businesses have not prepared for how to react to a security incident. By simulating specific attack scenarios, organizations can gain insights into how effective their response would be.

Building a comprehensive incident response plan or playbook should start with a vision for the IR practice, according to Eric Ahlm, Senior Research Director at Gartner.

The document should contain the following components:

  • IR mission statement: This rationalizes the need for an IR plan

  • Roles and responsibilities: This explicitly names who is involved in the IR plan and their reason for being there

  • Scope of incident declaration: This states what type of situations are within the scope of declaring an incident, and which are not

A new Dark Reading report, "Incident Readiness and Building Response Playbook", offers insights and tips for building and testing an incident response plan.

The full report can be accessed here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights