Page 21 - The IT Guidebook

WHAT IS AN INCIDENT RESPONSE PLAN?

In the image below, the “BOOM!” represents the incident itself. It could be any type of
cyber incident, including the one we just described, but it could also be a natural disaster
like a hurricane or flood, a terrorist attack, a sudden death or absence of key personnel,
or any incident that severely impacts your operations. For purposes of THIS article, we
are focusing on cyber incidents such as account compromise, data breach, ransomware,
and extortion. A company that does not already have a cybersecurity incident response
plan (IRP) should strongly consider engaging a consulting firm that has the expertise
to develop a detailed plan. A consulting company will ensure that there are no critical
omissions that could cause the plan to fail during a real, live incident. It is always better to
plan and be prepared. Remember, if you are locked out of your system, make sure you can
still access your IRP, which should be stored out-of-band and accessible during an incident
response.
 INCIDENT RESPONSE PLANNING





 IMAGINE THIS:


 You’re the Executive Director of a $5 million nonprofit organization. It’s 6:30
 AM on Monday morning and, even though you wish you were still sleeping, you
 are logging into your email to follow up with some donors. You get a login error
 message: wrong password. You’re still waking up; you probably typed it wrong. You take
 a sip of coffee and type in your password again. Wrong again. Another sip, another try.
 OK: now you are SURE you are using the right password. You pick up your phone and as
 soon as you unlock it you see that you have a bunch of unread text messages. Your phone
 starts ringing - it’s your trusted and incredibly competent office manager, calling with some
 bad news: no one can log in and it appears you are under attack. Hackers apparently want
 a specific sum of money to unlock your email accounts. This is a nightmare, though you
 are surely awake.

 Your brain starts working and you ask if you can “just call Google and have them reset our
 accounts or something,” but there’s more bad news: the hackers reveal they have personal
 information of all your donors and will leak it on the dark web if payment is not made. As
 the Executive Director, you are being asked: “What’s the plan?”
 Was your plan that this wouldn’t happen to your organization?

 Please note that the items listed left of boom are not meant to be a comprehensive list of
 protections - there could reasonably be dozens of items listed there - we are just listing a
 few of the major ones.