Transform Your Incident Response Plan from a Static Policy Document to an Interactive Process
Jon Siegler | April 26, 2018
Benjamin Franklin supposedly said, “if you fail to plan, you are planning to fail.” Although, this sentiment is never more true than in an organization’s preparation for risk “only twenty-five percent [of organizations] have an Incident-Response (IR) plan applied consistently across the organization, and twenty-three percent have no incident response plan at all,” according to the Ponemon Institute. Out of the 25% of companies that report using an incident-response plan, many of them are utilizing pen and paper, or excel spreadsheets and email to help organize the process for this crucial plan. In order to protect your organization from risk, it is imperative to transform your Incident-Response plan from a static document to an interactive process.
Why Static Documents Don’t Work
An IR plan establishes the necessary processes to respond to an incident in a way that limits damage, cost, and resources. And while it may seem obvious that every business should operate with certain processes in place in order to respond to various incidents, many do not. What is more concerning is that businesses that claim to have a functional IR plan, are simply using arachiac and siloed methods such as spreadsheets and emails. Establishing real “IR capability requires moving the plan from a static document to being embedded in the fabric of the organization.”
A business can not operate under the assumption that they are not at risk, and without a comprehensive and interactive IR plan your business is operating without a safety net for something as critical as a data breach. A static IR plan creates siloed departments and confuses communication. Each department head may have an IR plan spreadsheet, but that plan lives on his/her computer. When an issue arises it is the sole responsibility of that individual to initiate and follow it through the process. The siloed plans are barely enough for minor/local incidents, and become chaos when there is an enterprise-wide incident.
Simply having a static policy document sets your organization up for failure. Without the ability to clearly document every aspect of the incident your organization is susceptible to further risk.
With an interactive process you can automatically capture:
The day and time the incident occured
The type of incident
Each employee involved in the incident
Tracking all communications concerning the incident
Root cause analysis of the incident
Benefits of An Interactive Incident Response Plan
When a controlled and repeatable process is in place the appropriate people can be made aware of an incident immediately and the correct plan of remediation can begin. A systematic approach across the enterprise allows every person; whether they be customer, third-party, or employee to report an incident which is then logged, reviewed, dispositioned, and resolved. This controlled process reduces the risk to the enterprise.
Certain regulations like HIPAA and GDPR require that data breach incidents are reviewed and communicated to the appropriate authorities within a certain time from the date the incident occurred. Automated rules can be created that set the SLA based on the type of incident and send reminders to the internal business owners.
Automated Routing and Assignment
Depending upon the type of incident, you can ensure that the right person in your organization is assigned as the owner of the incident with automated rules. Workflow can be created to ensure the right person reviews the incident at each step.
Analyze and Remediate Risk
Documentation is everything. Without an automated process for documenting incident responses your organization is spending a lot of time and manpower updating spreadsheets and sending emails. A centralized system that automatically collects reported incidents and the process of remediating the incident saves time and money. Intelligent reporting provides insight to the incident that allows you to shift and adapt your processes and procedures to meet the needs of your company as it grows.
LogicGate Can Help
LogicGate's Incident Management solution provides a robust single source of truth that automates and adapts to your organization’s needs allowing you to modify the rules and logic that drives the process. With an interactive Incident-Response Plan, your organization will have a true safety net that reduces risk.