What is an Incident Response Plan?

Incident Response plan

Information security breaches can and do happen, even to the best prepared organisations. Every year, companies that have demonstrated ongoing PCI DSS compliance will still fall victim to an information security breach. Because, in the war for our card data security, the enemy always has the element of surprise.

Most can imagine a scenario which would compromise their security. A serious fire destroying the whole office function. A rogue employee exposing customer data. A terrorist or criminal hacking their systems. With a war fought on so many fronts, however, it is impossible to defend against all attacks. Because an organisation that is defended to the hilt is also likely to be impenetrable, and therefore not in the business of doing business.

In this war of attrition, some attacks will get through. And the repercussions could be disastrous if there is a long delay in getting the business back on its feet. But the aftermath need not be catastrophic. Recovery can be accelerated to restore normal trading in the shortest possible time frame. That is where a robust Incident Response Plan comes in. Not only does it go a long way toward anticipating and avoiding potential disasters but if an organisation is compromised, it will mitigate the damage and accelerate the road to revenue and reputational recovery.

PCI DSS Requirement 12.10 states that entities must “be prepared to respond immediately to a system breach.” Guidance notes go on to state that such a plan should be “thorough, properly disseminated, read, and understood by the parties responsible”; and include proper testing at least annually to ensure the process works as designed and to mitigate any missed key steps to decrease exposure.

In reality, while all PCI DSS compliant organisations have a degree of incident response capability, in some cases this is simply a box ticking exercise. Few have an adequate Incident Response plan which fully outlines the process for recovery in any number of situations and provides a framework for rapid restoration.

Planning is the key to an effective strategy. It is also important to consider bringing in professional expert support at this stage to assist in developing and maintaining an Incident Response plan that not only ticks the boxes but actually delivers in the event of a breach. If a breach does occur, having engaged professional support, it means that there are expert investigators with an intimate knowledge of your organisation on standby. They will ensure the breech is stemmed, card holder data is secured and revenue generating activities suffer minimal impact. The cost of professional input must be seen as cost effective in the context of restoring business function.

Posted 2 months ago on · Permalink