As part of Dell SecureWorks' Security Leadership Series, we spoke to 6 security leaders about what they felt were the three most important elements of an Incident Response plan. Even with the varied industries represented in these conversations, two common themes emerged:
- Have a plan in place long before an incident occurs. Evaluate your organization's systems, test the infrastructure, and design a plan that is appropriate and specific to your organization.
- Practice & test the plan so that your organization will stick to it in the heat of the moment. Engage your Incident Response process whenever feasible instead of waiting until you are absolutely sure there has been a security incident. A well-practiced team is better able to respond quickly and efficiently when security incidents occur.
- Ensure that you have up-to-date threat intelligence tied into your security infrastructure and response plan to help your organization address even the most innovative of security incidents.
- To prevent different parts of your organization from developing and enacting their own plans, the organization's official Incident Response Plan needs to have executive-level buy-in and cross-company dissemination.
- Ensure that each department or position understands their role within the plan, and wherever possible, boil down the responsibilities of each role for easy reference. The day your organization has to respond to a security incident is not the day everyone should be learning about the plan or their roles within the plan.
When preparation is your best defense, taking the time to be thorough is the most effective action you can take.
You can watch the 10-minute video as well as learn more about Advanced Threats at the Advanced Threat Resource Center.