Comprehensive Incident Management
This presentation will introduce a framework for building a comprehensive incident management program. The program is made up of four foundational components: planning, preparing, practicing, and measuring. The framework has been designed to be compliant with multiple standards, including PCI, ISO, NIST, NERC, and HIPAA.
The planning component covers the development of an incident management plan. The plan is built from four sections covering the scope, roles and responsibilities, reporting, and the six phases of incident response: detection, assessment, containment, analysis, remediation, and post mortem.
Preparation builds the reporting facilities, creates the necessary documentation, implements status tracking, assesses and acquires tools, provides training, assembles contact information, and raises awareness of the plan and of how to contact the incident response team.
Practicing the incident management plan is crucial to success. To obtain the greatest benefit from practicing, special consideration needs to be given to ensuring that a repeatable process is used, that real-world scenarios are used, that each phase of the incident response plan is tested, that close attention is paid to the communication linkages and handoffs, and that the metrics used to measure the success of the plan are validated.
Measuring the success of the incident management program is vital to being able to communicate the plan’s effectiveness to senior management. Certain metrics lend themselves to communicating the health and effectiveness of the program easily. These metrics are also leveraged to give the organization insight into high-risk areas and the trending patterns of the incidents impacting them.
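The status tracking built during preparation is what feeds the measuring component. The following added example (not part of the presentation) shows how phase-transition records aligned to the six phases above can be validated and turned into two reportable metrics: mean hours from detection to containment, and incident counts per area. The log rows, area names, and the record layout are constructed assumptions.

```python
from datetime import datetime
from statistics import mean

# The six response phases named in the plan, in the order an incident moves through them.
PHASES = ["detection", "assessment", "containment", "analysis", "remediation", "post_mortem"]

# Constructed sample status-tracking records (hypothetical data, not from any real program):
# (incident id, affected area, phase entered, ISO timestamp), one row per phase transition.
SAMPLE_LOG = [
    ("INC-1", "payments", "detection",   "2024-03-01T08:00:00"),
    ("INC-1", "payments", "assessment",  "2024-03-01T09:00:00"),
    ("INC-1", "payments", "containment", "2024-03-01T10:30:00"),
    ("INC-1", "payments", "analysis",    "2024-03-01T14:00:00"),
    ("INC-1", "payments", "remediation", "2024-03-01T18:00:00"),
    ("INC-1", "payments", "post_mortem", "2024-03-02T09:00:00"),
    ("INC-2", "hr",       "detection",   "2024-03-05T12:00:00"),
    ("INC-2", "hr",       "assessment",  "2024-03-05T13:00:00"),
    ("INC-2", "hr",       "containment", "2024-03-05T13:30:00"),
    ("INC-3", "payments", "detection",   "2024-03-10T10:00:00"),
    ("INC-3", "payments", "assessment",  "2024-03-10T11:00:00"),
    ("INC-3", "payments", "containment", "2024-03-10T15:00:00"),
]

def parse_log(rows):
    """Group transitions per incident; reject phases logged out of plan order (a tracking defect)."""
    incidents = {}
    for inc, area, phase, ts in rows:
        rec = incidents.setdefault(inc, {"area": area, "times": {}})
        expected = PHASES[len(rec["times"])]  # next phase the plan says should follow
        if phase != expected:
            raise ValueError(f"{inc}: expected phase {expected!r}, got {phase!r}")
        rec["times"][phase] = datetime.fromisoformat(ts)
    return incidents

def phase_durations_hours(rec):
    """Hours spent in each phase, measured until the next phase was entered."""
    t = rec["times"]
    return {p: (t[n] - t[p]).total_seconds() / 3600
            for p, n in zip(PHASES, PHASES[1:]) if n in t}

def program_metrics(incidents):
    """Mean hours from detection to containment, plus incident counts per area for trending."""
    hours_to_contain = [(r["times"]["containment"] - r["times"]["detection"]).total_seconds() / 3600
                        for r in incidents.values() if "containment" in r["times"]]
    by_area = {}
    for r in incidents.values():
        by_area[r["area"]] = by_area.get(r["area"], 0) + 1
    return {"mean_hours_to_contain": mean(hours_to_contain) if hours_to_contain else None,
            "incidents_by_area": by_area}
```

Rejecting out-of-order transitions matters because a single mis-logged phase would otherwise produce negative or inflated durations that distort the figures reported to senior management.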