Simply put, the incident response plan represents the protocol (set of instructions) designed to help your staff detect and deal with the incident, as well as recover the affected systems and restore the normal workflow within the organization. The incident response management team will typically institute distinct guidelines for the:
Considering that incidents tend to unfold in a series of subsequent phases, we believe that the best framework to use is the timeline format. On a side note, you can even create an incident response timeline template that can be adapted to particular types of events. An incident response timeline can be broken down into six distinct phases, each with specific requirements, and they are as follows:
This is perhaps the most crucial step for any coherent incident response plan because it sets the stage for your team to address the issue effectively. In short, it means ensuring that the staff receives regular and up-to-date training on their role in dealing with the incident, that your execs have approved and funded the response protocol, and that the current procedure is tailored to your company’s system. Conducting mock incident drills is a great way to keep everyone up to speed with their responsibilities, as well as to determine where flaws in the plan exist.
Identification is about determining the point of origin for your incident, the scope of the compromised systems and its impact on operations. As there may be multiple areas affected, be sure your incident response plan includes a sweep to locate every single one.
During the containment phase of the incident response timeline, your team’s priority should be to find short- and long-term means to deal with the disruption, activate redundant backup systems to restore and keep operations running, and disconnect the compromised parts of the system to prevent further contamination. For a cyber security incident response plan, this stage also mandates a company-wide update of passwords and credentials.
Once the backup systems are up and running and the issue has been contained, the next step involves tracking down the root cause of the incident. This can entail updating security protocols, patching the vulnerable entry points into the network, and even enlisting the help of third-party services to perform an independent audit of the systems. Any undetected threat can still represent a liability.
At this point on the incident response plan timeline, the focus should fall on restoring your systems using trusted backups. It’s also vital to keep monitoring the integrity of the data and to patch the parts of the system that have failed, so that they’re ready to use when the next incident comes around.
For a company, incidents are unfortunately an inevitable part of life. Think of them as free lessons in operational security. As such, it would be unproductive to play the blame game with your staff. A much better approach consists of analyzing the incident response plan to find out which of the tactics yielded positive results and where the protocol fell short. Come up with new incident response steps that eliminate the ineffective strategies and address the newly discovered vulnerabilities to ensure that the same type of event can no longer happen.
The incident response timeline template was created using Office Timeline, the perfect PowerPoint companion for anyone involved in planning or project management. Quickly create amazing and intuitive timelines, Gantt charts or swimlane diagrams that will impress your audience and ensure your message gets through every time. Check out the free version or take advantage of all its features by downloading the Pro+ Edition. In conclusion, the best preparation for tomorrow is to start planning today.