Crafting a cybersecurity incident response plan, step by step

The cybersecurity incident response plan: Swift and automated

Like millions of others, I recently learned the info hackers stole in the Equifax breach may have included some of my personal information. Like millions of others, I thought: What the hell do I do now? A natural response. But it's not one any security team can afford. When a company is the victim of a breach -- and it likely will be -- it must have a cybersecurity incident response plan in order to minimize business disruption and hack-related expenses.

Gone are the days of planning to prevent all attacks; hacks are going to happen. That means there can be nothing "incidental" about incident response. A well-thought-out, detailed set of procedures is essential, and the actors involved in carrying it out must be informed, trained and ready to hit the ground running. As Nemertes Research CEO Johna Till Johnson puts it, a company's cybersecurity incident response plan must be "as swift and automatic as possible."

To accomplish this, the plan must factor in a broad array of issues, foremost of which is the ubiquitous cloud. This includes not merely the cloud apps and cloud-based data the company uses, but also those custom apps employees install on their personal devices that also access corporate info.

In today's hacker-packed world, a cybersecurity incident response plan is essential. This guide to creating one offers expert guidance on the nitty-gritty details an effective plan should include. It delves into the particulars of how to deal with the cloud in such a plan and also examines the responsibilities of the CISO when a security incident occurs.

Whether your team needs to create a cybersecurity incident response plan from scratch or just needs to make sure your existing plan is as good as it can be, this is a great place to start.