Computer security incidents are becoming increasingly common, and they impact organizations of all types and sizes. To deal effectively with a security incident, an organization must have an appropriate response plan in place and approved at the highest levels of management. Effective incident response requires coordination among many different IT and business teams and personnel, and it is impossible to execute without proper planning and prior coordination. An incident response plan should detail the following:
- The responsibilities of all parties involved
- The evaluation and escalation procedures once an incident is identified
- The response capabilities that must be maintained by the organization
- The response procedures that must be followed for each incident
- The response priorities
- Any external coordination that must be made to respond effectively to any incidents

Only when these issues have been addressed and documented can an organization hope to be prepared for an IT security incident. A lack of incident response plans has been commonly cited during the course of regulatory examinations of financial institutions.