The Cyber Incident Response Plan: The Power Is In The Process
Mondaq – Daniel J. Michaluk And Eric S. Charleston
Life is a journey, not a destination, and the same can be said of the cyber incident response plan.
Many organizations are required to have a plan by either regulation or contract. For example, the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) standard requires responsible entities to have incident response plans for certain systems. Other organizations have agreed to have a plan in place as part of a cybersecurity rider to an important contract.
The pressing need for an incident response plan invites the problem: organizations assign work, compile templates and pay experts for input. Oftentimes, a technical person who has good knowledge of incident response prepares the draft, using a template from a vendor.
There is a better way to plan
We advise you do the following, and do it now:
- Assemble the incident response team and work through the draft in a series of meetings, ideally with facilitation by experienced incident response counsel;
- Methodically go through each part of the plan and incident response process: containment, investigation, remediation, mitigation and closure; and
- Confirm what the plan means to individuals in practice, what issues it raises, what’s missing and how it needs adjusting.
By undertaking the above process, you will identify issues unique to your organization that no template will contemplate. You will test your plan against the typical requirements and constraints of incident response practice (provided by your expert facilitator). And, most importantly, you will develop a shared understanding of the plan among all team members, enhancing your readiness. Done well, the learning is palpable and the experience energizing.
Link: https://www.mondaq.com/canada/security/1197948/the-cyber-incident-response-plan-the-power-is-in-the-process