Are you protecting the business or simply securing the enterprise?
What you will learn:
- Addressing the strategic risk(s) of the corporation
- Ensuring your plan is "actionable" detailing a decision making process
- Making "your" plan an "our" plan
- Importance of testing at least annually
As an information security leader there is no "hard and fast" rule that defines whether or not you are doing a sufficient job.
However, once you have a breach, the expectations of your organization are clearly defined and backed by numerous regulators eager to show their constituencies that they mean business. This is a major concern for your Board of Directors and is probably the last thing you are prepared to deal with.
This white paper is intended to guide your incident response planning from a consequence management perspective, which will help you develop better incident response planning.