·

Invoking the Incident Response Plan

January 1, 2024
by

For the Incident Response Plan to be executed, a certain threshold of severity needs to be reached: when the incident has the potential to inflict a critical impact on business operations and is caused by an unauthorised group or individual, whether external cyber criminal syndicates or an insider attack by an employee.   

An incident on the other hand has the following hallmarks:

  • Any suspicious activities that are picked up by the IPS or discovered in the operating system event logs monitored in Syslog and the company’s SIEM software have to be reported to the Chief Security Officer or his/her delegate.
  • The plan should not be evoked during an ‘event’ that is technical in nature such as network hardware failure or a blackout on the company cloud.

3.1. Incident Response Form 

To standardise the Incident Response, printed copies of Incident Response Form 1 have been distributed to all departments of XYZ Company. 

  • The supervisor in charge of the department where the incident occurs is to fill out the Incident Response Form 1 attached below and immediately forward it to the Chief Security Officer to determine whether it reaches the critical threshold to declare an incident.  
  • Incident Response Form 1

3. Invoking the Incident Response Plan

For the Incident Response Plan to be executed, a certain threshold of severity needs to be reached: when the incident has the potential to inflict a critical impact on business operations and is caused by an unauthorised group or individual, whether external cyber criminal syndicates or an insider attack by an employee.   

An incident on the other hand has the following hallmarks:

  • Any suspicious activities that are picked up by the IPS or discovered in the operating system event logs monitored in Syslog and the company’s SIEM software have to be reported to the Chief Security Officer or his/her delegate.
  • The plan should not be evoked during an ‘event’ that is technical in nature such as network hardware failure or a blackout on the company cloud.

3.1. Incident Response Form 

To standardise the Incident Response, printed copies of Incident Response Form 1 have been distributed to all departments of XYZ Company. 

  • The supervisor in charge of the department where the incident occurs is to fill out the Incident Response Form 1 attached below and immediately forward it to the Chief Security Officer to determine whether it reaches the critical threshold to declare an incident.  
  • Incident Response Form 1
incidentresponseDownload

The Incident Response Plan is part of a broader Business Continuity Plan that contains a business impact analysis and risk management plan to help identify and treat most of the risks to the business.  The following is a list of supporting Standard Operating Procedures (SOPs) available on the company cloud and in physical print form to support our organisation’s Incident Response Plan:

The Incident Response Team and Senior Executive Management have access to all three plans.  

jacob

has postgrads in Cyber Law from Deakin Law School; Cyber Crime from Griffith School of Criminology and Criminal Justice; and Cloud Computing and Virtualization from Charles Sturt. After spending the last several years consulting on tech and cybersecurity for newsrooms from México's noticiascancun.mx to South Africa's health-e.org.za he still finds time to write in the age of ChatGPT to keep his pencil sharpened.

Leave a Reply

Your email address will not be published.

Semi-psuedonymous musings on the digital landscape under both Common Law and Moore's Law. This is a personal blog, not a peer reviewed journal or news portal with irascible editors, primarily to keep my pencil skills sharp in the age of ChatGPT. Cheers, Jacob.
Previous Story

Future changes flagged for the Privacy Act’ Small Business Exemption?

Next Story

Ukraine’s MacPaw and the increased threat profile of your favourite Macbook cleaner

Latest from Data Security

Go toTop