Upgrade Your Security Incident Response
A Security Incident Response policy and procedure depends on the business impact related to the incident types. Having a security incident that costs the business millions of dollars must be treated quicker and with more attention to detail to others which are less severe.
Debriefing and Feedback
In my opinion, the most important step is “Debriefing and Feedback” (lessons learned). This is because it is important to learn from the issue and update the policy and/or procedure to ensure similar incidents do not repeat. For instance, a security incident that stemmed from poor end user training will likely result in training for the end users to ensure that the same does not happen again.
I know personally, I learn a great deal of knowledge through problem research. This type of knowledge is important when planning what can be done to prevent the same type of incident. Part of the debriefing and feedback process helps the organization’s security program mature into something that better aligns with the business and its systems.
For instance, a new organization may not have a process to perform vulnerability testing within a certain farm of web applications, but may make it mandatory to do so if an incident were to occur. Many people only plan for a handful of scenarios within their security plan, and the "Debriefing and Feedback" step will help mature that program into something more beneficial to the organization.
Equilibrium prides its security practice on helping organization mature their individual security programs to meet their unique goals. Vulnerability scanning is included in each of our security assessments.
Would you like help developing a Incident Response Policy? Let's Talk.
Author: Chad Akileh
Equilibrium IT Solutions, Inc.