A recent report indicated that IRPs “are frequently developed from within departmental silos, for example, within the organization’s IT security function, and do not address the considerations of business units or cross functional areas needed to coordinate and operate together during a response. This not only leads to an uncoordinated response effort, but discourages buy-in from all business units that are expected to be involved in the response effort.” Delta Risk issued its April 2016 report entitled “Top 10 Cyber Incident Pain Points: Are You Prepared?” which identified as # 2 on the list is “Incident response plans lack cross-organizational considerations and buy-in” which included these observations:
Integrated incident response plans, which account for the differences in the way business units respond, or those organizations which have standardized incident response across their functional business areas, are typically more successful during incident response scenarios.
Here’s the list of all 10 Pain Points:
- Lack of a cross-functional “incident commander” to coordinate response across the organization
- Incident response plans lack cross-organizational considerations and buy-in
- Limited data classification guidance to help determine severity and guide incident response activities
- Ill-defined processes (aka “pre-thought use cases”) for responding to high impact incidents
- Lack of defined checklists or step-by-step procedures, including contact lists for response
- Lack of consideration of the business impact when determining courses of action for response
- Ill-defined or mixed use of event and incident taxonomy between responders
- Lack of defined thresholds between events and incidents to aid in decision making
- Limited or lack of pre-determined (aka “pre-canned”) external communication statements
- Lack of training and exercise of “memory muscle” for the most likely or high risk incidents
It’s critical that all businesses to better plan their IRPs, training, the other 8 Pain Points!