Prepare to protect business value when incidents occur


Every organization will need to respond to a situation that puts its business value at risk. It’s not a question of if but when this will happen.

Technical incidents can arise from natural circumstances — such as floods, hurricanes, earthquakes, or fires — as well as from man-made threats, including cyberattacks, power outages, or loss of key personnel. Different techniques may be required based on the situation, but some approaches (like executing a calling tree to notify those involved) will be leveraged in all scenarios.

An incident response plan defines approaches that can help return IT operations to an acceptable level of performance, allowing your business to get back to operating as quickly as possible after a disruptive event. Enterprises should also consider who needs to be part of the response team and the value of regularly testing their incident response plan.

A multistage approach

Preparing for an incident can be divided into four steps:

1. Plan

To begin understanding the possible effects of an incident, you’ll first need to perform a risk assessment (RA) and/or business impact analysis (BIA), identifying the IT services that support your organization’s critical business activities. Then, you’ll need to establish recovery time objectives (RTOs) and recovery point objectives (RPOs).

Once you have this information, you can perform a current situation analysis and identify gaps between the current response approach and what it would take to meet the objectives identified. By defining policy, objectives, targets, processes, and procedures relevant to managing and responding to risk, you can create a plan to address your organization’s readiness to deliver when the situation requires it.

This is also a good time to identify the key personnel who will be required to respond and how they will be called upon to act. Each individual should have a backup person whom they will train. Diversity of perspective will be key to an effective team, since expertise from hardware, networking, software, personnel, and even customer/vendor relationship departments may be required depending on the situation.

2. Do

Once the key risk areas are understood, enterprises need to train personnel and close the gaps previously identified. The plan pointed out areas of concern; now is the time to address them.

3. Check

Once you have a plan and begin to address the weak links, testing and maintenance of your environment are key to validating progress. These tests should be executed regularly and range from a simple walk-through of the documentation to a full drill in which equipment failover is required. A range of likely events should be selected for testing. Some organizations have automated to the point where production environments are under continuous failover testing.

4. Act

There are numerous guides to responding to incidents that can help you learn from the mistakes of others. In addition, log the characteristics of real situations or test scenarios to improve the existing plan.

The third edition of AT&T Cybersecurity Insights, “The CEO’s Guide to Cyberbreach Response,” outlines steps you can take now to prepare to handle and recover from a cyberattack.

Granted, you can’t plan for every situation, but with a tested plan in hand, you will be less likely to overlook the obvious.

Charlie Bess, IT Consultant (Sponsored Post)

About Charlie

Charlie Bess is an independent IT consultant. He is the author of this blog and all opinions are his own. AT&T has sponsored this blog post.