Know what steps to take – in the most effective order – during a security incident.
Kirby C. Leeper
Former Chief Information Officer
EBS Asset Management
In addition to a Business Continuity Plan (BCP), every business with a significant dependence on web traffic should have an Incident Response Plan. Different than a BCP, the incident response plan should cover events that have a significant impact on one or more business segments, describe in depth what to do, and how to recover from them.
An Incident Response Plan (IRP) is a step-by-step process to follow when a security incident occurs. This is extremely important, as this plan can have downstream impacts and also satisfy regulatory requirements. An effective plan requires an in depth knowledge of the business function, its key vendors, the systems or applications which, if affected may significantly impact revenue or the customer experience.
AsTech’s security consultants will work with the stakeholders in your organization to develop an IRP that is meaningful, actionable, and maintainable. Our consultants have an average of 10+ years experience in security and industry. We have the rare ability to understand both the system and business impact of an incident on the overall framework. We will deliver to you not only a usable IRP, but will work with your team to ensure that the handoff is clean and the plan is easy to maintain going forward.
Incident Response Plan Development and Training is a wholly customized effort. We will work within the constraints of your time and budget to create a plan to ensure that if an incident ever occurs in your environment, you will be ready.
AsTech staff will review our client partner’s current Incident Response scenarios and, if applicable, the planning process. We will compare this to current security best practices and industry standards to determine the partner’s current position.
AsTech will create an Incident Response Plan tailored to the individual business. We will identify and meet with key contributors to insure that every reasonable scenario has a specific and measurable response.
AsTech will work with internal staff to insure that everyone understands their role in the case of a defined incident. Our goal is to insure that if the need ever arises, our client partners will be able to respond in a thoughtful, methodic and reportable manner that is in full compliance with all associated regulatory standards and assists the partner in controlling and containing the incident.