Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems
Incident Response Plans: Necessities for 2021 and Beyond

by Erik Briceno

You never want a cybersecurity incident to happen. But in today’s complex technological landscape, it does happen — frequently. Therefore, you need to be prepared to implement an incident response plan that will help your business reduce the risks, costs and recovery time associated with a security breach or cyberattack. Not doing so directly affects your company’s bottom line.

Small to midsize businesses can take steps to counter the ever-evolving threat of cyberattacks and become “cyber ready.” These steps are not overly complex or costly, and businesses can significantly protect themselves by taking action.

Follow NIST guidelines.

When it comes to planning for these worst-case scenarios, the National Institute of Standards and Technology (NIST) plays an absolutely vital role. Among many other things, they have published an important Guide for Cybersecurity Event Recovery to help organizations develop a game plan to contain the opponent and get back on the field quickly. As the number of cybersecurity incidents climbs, and the variety of types of attacks grows, “It’s no longer if you are going to have a cybersecurity event, it is when,” said computer scientist Murugiah Souppaya, one of the guide’s authors.

The NIST publication supplies tactical and strategic guidance for developing, testing and improving recovery plans. It recommends organizations create a specific playbook for each possible cybersecurity incident, and it includes examples you can adapt to your specific situation. “To be successful, each organization needs to develop its own plan and playbooks in advance,” said Souppaya. “Then they should run the plays with tabletop exercises, work within their team to understand its level of preparation and repeat.”

Understand the NIST framework.

NIST recently released an updated version of its Cybersecurity Framework, which provides organizations of all sizes — including government and private-sector businesses — with standards, guidelines and best practices for managing cybersecurity risks.

This framework is structured around five key functions:

  1. Identify – Begin with an overall understanding of your technology situation and its business context, which includes identifying your IT assets and their vulnerabilities, creating a risk management strategy and implementing cybersecurity policies.
  2. Protect – Put appropriate safeguards in place to minimize potential cybersecurity incidents, which includes providing employee training, using access control systems and updating security systems.
  3. Detect – Implement systems and monitoring to detect cybersecurity incidents in a timely manner.
  4. Respond – Be prepared to take quick action to contain the impact of a potential cybersecurity incident, which includes ensuring you follow your incident response plan and maintain communications with all stakeholders.
  5. Recover – Return to normal operations and implement improvements based on lessons learned and reviews of existing strategies.

Outsource your IT.

V2Systems IncidentResponsePlanAndNIST May2021 Blog1 Pic2 1024x510 - Incident Response Plans: Necessities for 2021 and BeyondWhen you’re running a business, the key to success is remaining focused on your vision and committed to fulfilling it. That’s why it’s essential to keep distractions to a minimum — including the technology your business requires. You shouldn’t have to think about it — you just need it to work.

That’s where an IT managed services provider comes in. Outsourcing your IT tech support can improve your performance measures in terms of cost, quality, service and speed. Look for a provider who will work to understand your company and analyze your needs, then translate those objectives and processes into solutions that span the lifecycle of your entire IT infrastructure.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

ebriceno
About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
Incident Response Plans: Necessities for 2021 and Beyond
Incident Response Plans: Necessities for 2021 and Beyond