V2 Systems
Your Incident Response Plan Should Be Your Best Laid Plan

by Erik Briceno

No matter how strong your cybersecurity posture is, you’re never one hundred percent secure. When an attack does get through – whether the consequences are a data breach, a ransomware lockdown, or worse – you need to have a plan in place. That’s where an “incident response plan” comes into play. Any organization can be targeted by a cyberattack, so having a plan like this is necessary and incredibly useful, no matter what your organization is or its size.

What Is an Incident Response Plan?

In its simplest form, an incident response plan is a list of instructions to follow when a cybersecurity intrusion occurs. They say “the devil is in the details.” But honestly, having a detailed, well-outlined document can save your organization. An incident response plan is such a document. The form it takes doesn’t really matter (a paper document on your desk, a poster image on the wall of the office, a file on your network, etc.), as long as the plan is there and understood by your team. It will help you respond to and recover from potential, and indeed inevitable, security incidents. Damage control and mitigation are the name of the game.

How Do You Make an Incident Response Plan?

Every incident response plan should cover, in detail, what needs to happen in a given situation or scenario. So, it goes without saying that a lot of thought and strategy goes into it. That’s the whole point. And while it can seem overwhelming at first, these plans are generally broken up into three parts:

  1. Identification – What happened? What was the security incident? Where did it happen? Who is best suited to deal with that particular incident? The who, what, when, where, and why are the first things to address when trying to determine how to keep things from going from bad to worse. Detailed records of the incident should be kept regarding each of these questions.
  2. Containment – Now that you know what happened, it’s time for some damage control. Isolate any and all affected systems to prevent further damage. Find the original cause and remove anything that it touched. Also, be sure to disconnect from the network and stop backing up data immediately. (This will stop the malicious software from overwriting clean backups with infected files.)
  3. Recovery – The damage has been done, and hopefully it’s been fully contained and minimized as much as possible. Time to fully take stock of what’s been lost and begin the process of retrieving what you can. Previously affected systems can slowly come back online, but only after being certain there’s no longer a threat. A Backup, Disaster, Recovery (BDR) solution can help this process tremendously. If you have one, use it to restore from the most recent, clean backup.
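
The containment and recovery steps both depend on knowing which backups can still be trusted. The sketch below is an added example, not code from V2 Systems or any BDR product: it picks the newest verified backup taken safely before the earliest sign of compromise and lists the later ones as suspect. The `Backup` record, the `plan_restore` function, the sample catalog, and the 12-hour safety margin are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Backup:
    host: str
    taken_at: datetime
    verified: bool  # integrity check or test restore passed


# Constructed sample catalog (hypothetical hosts and times).
CATALOG = [
    Backup("fileserver", datetime(2024, 3, 1, 2, 0), True),
    Backup("fileserver", datetime(2024, 3, 2, 2, 0), True),
    Backup("fileserver", datetime(2024, 3, 3, 2, 0), False),
    Backup("fileserver", datetime(2024, 3, 4, 2, 0), True),
    Backup("fileserver", datetime(2024, 3, 5, 2, 0), True),
    Backup("mail", datetime(2024, 3, 4, 3, 0), True),
]


def plan_restore(catalog, host, first_compromise, margin=timedelta(hours=12)):
    """Return (restore_point, suspect_backups) for one affected host.

    restore_point is the newest verified backup taken before
    first_compromise - margin, or None when no such backup exists.
    suspect_backups are those taken at or after that cutoff; they may
    contain infected files and are kept out of the restore path.
    The margin (an assumed value) allows for the earliest known
    indicator being later than the real start of the intrusion.
    """
    cutoff = first_compromise - margin
    mine = sorted((b for b in catalog if b.host == host),
                  key=lambda b: b.taken_at)
    clean = [b for b in mine if b.taken_at < cutoff and b.verified]
    suspect = [b for b in mine if b.taken_at >= cutoff]
    return (clean[-1] if clean else None), suspect


if __name__ == "__main__":
    # Earliest indicator of compromise recorded during identification.
    point, suspect = plan_restore(CATALOG, "fileserver",
                                  datetime(2024, 3, 4, 9, 30))
    print("restore from:", point)
    print("do not restore from:", suspect)
```

A result of `None` means there is no trusted restore point for that host, which is itself something the plan should say how to handle.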

No security system is foolproof. And no human is perfect. Mistakes can happen, and damage will be done. This is simply a fact of life. And while much can and absolutely should be prevented, how you respond to a cybersecurity disaster is just as important. Having a plan in place is just as essential as locking the door: You need to know what to do if someone does break in. Not only can V2 Systems help you come up with and deploy this plan, but we can also greatly reduce your chances of ever needing it in the first place.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.