Incident Response Plan (IRP)
An incident response plan (IRP) is a set of written instructions for detecting, responding to and limiting the effects of an information security event.
Incident response plans provide instructions for responding to many potential scenarios, including data breaches, denial of service/distributed denial of service attacks, firewall breaches, virus or malware outbreaks or insider threats. Without an incident response plan in place, organizations may either not detect the attack in the first place, or not follow proper protocol to contain the threat and recover from it when a breach is detected.
There are six key phases of an incident response plan:
- Preparation: preparing users and IT staff to handle potential incidents should they should arise
- Identification: determining whether an event is indeed a security incident
- Containment: limiting the damage of the incident and isolating affected systems to prevent further damage
- Eradication: finding the root cause of the incident, removing affected systems from the production environment
- Recovery: permitting affected systems back into the production environment, ensuring no threat remains
- Lessons learned: completing incident documentation, performing analysis to ultimately learn from incident and potentially improve future response efforts
Taking the time to develop a vigorous IRP can seem less important than applying those limited resources to more immediate needs. But the consequences of being unprepared when an incident occurs far outweigh the time, effort and investment in developing a strong incident response plan.
StrataCore works with expert security partners that will help your company create a customized blueprint for quick and efficient response and recovery efforts when the time comes. Talk to a trusted advisor today!