5 Steps To Build An Incident Response Plan


As security breaches continue to happen, the focus on how to avoid one increases. Each year more and more organizations fall victim to cyber crime, which is why it is crucial that organizations focus on what steps to take should a security incident occur. Unfortunately, chances are that at some point your company will fall victim to a security breach, which makes it extremely important that you know how to respond.

Check out the video below. Our guess is this won't be the first industry to put these types of guidelines into effect. If you don't have an incident response plan, it's time to start formulating your strategy!


The most effective approach to preparing for a security breach is to establish an incident response plan. This plan outlines the process you will utilize if and when a cyber attack occurs. In order to help you create the most effective response plan possible, follow these five steps.



Preparation is always the first step, as it is important to define and analyze the concept before diving in. Ask yourself, “what warrants a response?” Does the attack have to be successful for you to launch your incident response plan?

It is also helpful to prepare by conducting a full analysis of your current IT systems and deciding which elements are critical when it comes to keeping your organization running. Related to this is an understanding of which data you consider crucial and which must always remain secure should an incident occur. With a solid grounding in your IT and data systems, you can formulate a strong response plan that ensures the most critical elements are the most secure.


Designate Response Team

This team is made up of the designated specialists whose responsibility will be to lessen the impact of the incident when it arises. They will ensure that all of the pieces you pinpointed in step one are protected. It helps to also determine who will be the Incident Response Manager, as they will oversee the response team and the procedures that are employed.


Establish Response Requirements

A big factor in mitigating the impact of a security breach is ensuring that responses are handled in a timely manner. This is why you outline requirements that your response team will follow in order to resolve incidents quickly. In order to prepare these requirements, you need to ask questions such as “How long can we afford to be ‘offline’?” and “What is needed to manage these issues in the short and long term?”

It is helpful to document these requirements, as everyone involved should know exactly what is needed to counteract the damage that was done.


Strategy for Disaster Recovery

In a worst-case scenario, your team needs to be prepared to restore everything that is affected. Implementing a BDR (backup disaster recovery) solution will improve your chances of easily moving forward after a breach. These solutions back up your systems and processes in order to lessen the impact of data loss. The creation of this type of strategy will optimize the process of recovery and help you prevent future issues from arising.


Run a Drill

You can’t ensure that your incident response plan is fully baked without running a test. Try having your team run a drill, which puts them in a position where they must execute the plan you’ve established.


First, the chain of communication must be worked through by notifying leadership, PR, legal, and anyone else who needs to be contacted. The manager of the response team should prepare reports so that leadership and stakeholders remain in the loop. This drill should be taken seriously, as its function is to determine which pieces are working and where improvements must be made to ensure success when a real incident does occur.


A security breach is something that no one wants to have to deal with, which is why preparation is so important. Following these steps will ensure that you are prepared to handle an incident should one arise, which makes the entire situation much less stressful and less detrimental to your business. The effects of a disaster can be mitigated, so prepare for one as though you know it will one day occur.

We're visual people, and we're sure many of you are too! To help visualize this process, we made an easy-to-read infographic! Take a look here.

If you’d like to explore incident response plans in more detail, and determine where your organization can improve on its processes, contact us today!