Does your IR Plan Help During a Breach?

Say I give you the manual for a 737 jumbo jet. I ask you to read it, understand it, and be ready to fly the plane at a moment’s notice.

Two years go by. 

Then, I call you up and say that I need you to fly the jet from New York to Los Angeles that afternoon. Would you be ready? Would you remember anything you read in the manual two years earlier? Do you even remember where you put the manual?

These questions are, of course, rhetorical. No one would expect you to fly a plane having only read the manual. So why do we think that having an incident response (IR) plan that we write up, read once, and then put in a drawer is going to help us when we have a security breach?

Because the truth is, just like the manual for that jumbo jet, we’re not going to remember anything about what we’re supposed to do in a breach if that document hasn’t been a living, breathing part of our organization between when it was written and when it was needed. 

The Real Benefit of An Incident Response Plan

Having an IR plan is absolutely important. Everyone’s role should be laid out, and response strategies clearly defined. But that’s only the first step.

Because the secret of an IR plan is that simply having it is not the most useful thing. Rather, the real benefit of an IR plan is knowing how to use it. And how do you know how to use it when the time comes?

Practice, practice, practice.

