15 Elements of an Incident Response Plan Template

Video description: 15 Elements of an Incident Response Plan Template

Even the best security programs have gaps. If any cybersecurity expert tells you otherwise, they’re simply not an expert. You see, it’s critical to respond when security breaches occur. Developing an incident response capability can reduce the impact of an incident. It can also help you document evidence and meet legal requirements. The US Code of Federal Regulations contains many references to incident management capabilities.

LINKS:
https://etactics.com/blog/cyber-incid...

Several of them require non-federal organizations to document and report incidents. The Health Insurance Portability and Accountability Act (HIPAA), the Department of Defense (DoD) and the Federal Energy Regulatory Commission (FERC) all have requirements related to incident response. To make matters worse, the authoritative sources that exist to help educate organizations on incident response provide massive documents filled with jargon and acronyms. I mean, NIST Special Publication 800-61 Revision 2 alone is 79 pages long. So, what are the essential elements of an incident response plan, and how do you turn those elements into a template that’s readily available for your organization to implement?

In the blog post provided within the description of this video, we took a deep dive into the authoritative sources’ guides for incident response, found patterns and distilled the main components of an incident response policy so that you can more easily create an incident response plan template. Incident response policies often establish a set of objectives for the organization. The plan details how the organization implements its policy. Both NIST Special Publication 800-61 Rev 2 and Special Publication 800-53 Rev 5 contain guidance for drafting an incident response policy.

The other publications are helpful for documenting these components. The policy elements cited in NIST SP 800-61 Rev 2 go well beyond the requirements listed in NIST SP 800-53 Rev 5. But there is also a solid amount of crossover. Even after knowing these elements, though, it’s important that you tailor your policy with your organization’s own elements. The 15 essential elements to keep in mind for your incident response plan template are: compliance, scope, roles & responsibilities, management commitment, coordination among entities, purpose, objectives, levels of authority, prioritization of incidents, organizational structure, reporting & contact forms, handoff & escalation points, performance measures, reporting requirements, and definitions.

Now let’s talk about each of these elements in greater detail.

First, management commitment. Management should understand and approve all policies. By signing a policy, management commits to the content contained within the policy.

Second, purpose. The purpose section of a policy should describe what the policy sets out to do. If you’re struggling to write the purpose section, start with the objectives section. Once you've written out the objectives, look to summarize them as the purpose of the policy.

Third, objectives. When writing objectives, you want traceability to the incident response plan. Take your main workflows, derive the mission statements from them, and combine them into a single statement you can use as your first goal.

Fourth, scope of applicability. Scope refers to the parts of your organization that this policy applies to. Scope can include organizations, individuals, technology assets, or facilities. We drafted our policy with the following scope:

Fifth, definitions. A policy is a great place to define terms. You want definitions for the different aspects of an incident so that everyone is on the same page.

► Reach out to Etactics @ https://www.etactics.com
► Subscribe: https://rb.gy/pso1fq to learn more tips and tricks in healthcare, health IT, and cybersecurity.
► Find us on LinkedIn: / etactics-inc

#IncidentResponse #IncidentResponsePlan
