Every business needs a fit-for-purpose cyber incident response plan to enable it to rapidly and effectively respond to a cyber-attack. This blog provides ideas on how you can use our downloadable and free cyber incident response plan template doc to create your own plan.
Running a business on the Internet and consistently scaling it without a cyber incident response plan in place is like taking a car off-roading without a spare tyre. You’re bound to face insurmountable challenges with nothing to fall back upon.
So, how exactly should you go about creating your own cyber incident response plan?
First, download our Cyber Incident Response Plan template. Created by Amar Singh, our founder and CEO, this free template is pragmatic, free from fluff and easy to use in case of a cybersecurity incident.
For a detailed understanding of cyber incident response, you can check out our NCSC-certified Cyber Incident Response Plan course that gives you greater and deeper insights and more valuable tools for building cyber resiliency.
You can also read this blog on the 6 Phases of Incident Response, which will help you better understand what your Incident Response Plan should cater to.
How to create your own cyber incident response plan with our template?
We asked Amar Singh for his opinion and advice on the best way to create an incident response plan with the template. Here are the key points to keep in mind:
- Structure – Please note that when your proverbial ship is sinking, you’ll need a document that is well-structured, well-organised and easy to read within minutes.
It is advisable to leave out stuff like ‘how to prepare’ for an attack as this document should exclusively focus on the response strategy and steps for when an incident occurs.
No matter which incident response templates you use, make sure you DO NOT clutter your own plan. Keep it neat, simple and brief.
- Effectiveness – While you may have already built your cyber incident response plan, you have to make sure that it answers the following questions: whom to call in case of security breaches, who can authorise critical actions, who goes to the press and with what statement, which third party to call for forensics, and whom to turn to for legal advice.
If your plan answers all these highly critical questions, you have a good chance of responding effectively to a cyber-attack.
- Stakeholders – As you start creating your cyber incident response plan using our security incident response plan template, one of the first exercises you'll realise you need to do is build a well-defined list of key stakeholders who will be called on to act at the time of a crisis.
You can classify the stakeholders as The Response Team, The Cyber Incident Management Team, Product & System Owners and Third Parties and Vendors.
However, the final classification and responsibility allocation will depend on the unique structure of your individual organisation and the third parties and external teams relevant to the nature and size of your business.
Obviously, this team will comprise members of the Information Security teams and the Incident Response teams. But it should also include key business executives and decision makers. It is also crucial that every member of this team is well-oriented in their roles and responsibilities in case of a ransomware attack or a data breach.
- Executive Mandate – An essential aspect of building a cyber incident response plan is to outline the Executive Mandate and key principles to be followed. You can have the HR and legal teams of your organisation go through these principles when you're defining them.
The purpose is to make it clear what is and isn't acceptable during an incident response procedure. The principles that we feel you must focus on when setting out the executive mandate include: integrity of evidence and forensics; transparency with staff, clients and regulators; using approved and secure channels for crisis communications; privacy; and ensuring minimal disruption of business operations.