Does your organization have an incident response policy (IRP)? You may not think you need one. You’ve locked down your organization’s network, and your disaster recovery plan effectively details how to respond to a security incident, so you feel relatively secure.
But even the most secure networks need an IRP.
Regardless of the severity of the incident, it’s essential that
your company has a policy in place that outlines steps to take
during potentially disastrous times.
Every organization should include an IRP as
part of its overall business continuity plan (BCP). Knowing how to
minimize security vulnerabilities and respond to security incidents
in a well-organized and thorough manner should be a critical
component of any company’s BCP.
A security incident is any adverse event or
threat that affects your organization’s information systems or
network. Incidents can include unauthorized access, malicious code
(such as viruses), network probes, and denial-of-service
attacks.
An effective IRP should address eight key
areas. Let’s take a closer look.
Demonstrate management support
First and foremost, your policy should clearly outline management’s support of the policy. A member of senior management, or anyone with the same authority to address the included provisions, should sign the policy. These provisions might include any financial resources, personnel, equipment, and training dedicated to implementing the policy, as well as internal consequences of violation.
Decide on an organizational approach
There are two common methods of dealing with an incident: contain, clean, and deny; or monitor and record. The method your organization chooses should depend on whether the goal is to seek prosecution and/or compensation or to quickly restore services.
Determine outside notification procedures
Allowing your network to participate in a distributed attack and remaining silent is a legal landmine waiting to explode. In our collaborative world, it’s important to determine procedures for notifying third parties if you’re involved in a distributed event. Decide whom you’ll inform as well as when and how.
Discuss remote connections
Your policy must address remote connections. This should encompass all remote employees or contractors, and it needs to outline your rights to disconnect and remove access during a security incident.
Define partner agreements
Describe downstream and upstream agreements with your service providers and customers that define your right to monitor and disconnect the network as required.
Develop an incident team
Identify by position (not name) the members of the team that will enforce the policy, and describe their roles, responsibilities, and functions. The team should encompass a variety of skills and areas of expertise, including security, system administration, human resources, and legal.
Design an internal communications plan
Develop an internal communications plan that identifies who you will notify and how you will contact them. In addition, decide on the person who’s responsible for initiating this contact.
Demand a follow-up report
Define a method for reporting and archiving the incident. Use that information to tune your operations to prevent a similar incident from recurring.
Every network is unique, and the type of
business your organization conducts on the Internet will influence
the level of your response to a security incident. As your network
changes, make sure you adjust your IRP accordingly and address
newly discovered vulnerabilities as they occur.
Final thoughts
If your organization has no established, coherent plan of action, it can easily make the wrong decisions both during and after a security incident. An IRP can’t solve your problems, but it can offer a cool-headed method for dealing with a hot issue.
For more in-depth information on incident response, check out SANS’ Information Security Reading Room, which offers a wealth of available information that can help you create a comprehensive incident response policy.