Security 25 January 2018

Best Practices: Cyber Incident Response Readiness

  • Complete risk assessments for executive review, operational process and third-party vendors
  • Review security best practices and validate your organization’s adoption of them or its reasoning for not adopting them
  • Audit your data and review your data stewardship practices including data lifecycle management
  • Complete a review of insurance needs, including exclusions and pre-approval of coverage for any third-party services (such as cyber forensics, remediation provider, PR firm, etc.)
  • Establish and regularly test an end-to-end incident response plan including empowering 24/7 first-responders
  • Establish/confirm relationships with data protection authorities, law enforcement and incident service providers
  • Review and establish forensic capabilities, procedures and resources (internal and third-party providers)
  • Develop communication strategies and tactics tailored by audience (e.g., messages to employees vs. messages to media vs. notifications to customers)
  • Review remediation programs, alternatives and service providers
  • Implement ongoing employee training for incident response
  • Establish employee data security awareness and ongoing education on privacy, incident avoidance (password practices, how to recognize social engineering, etc.) and incident response
  • Understand regulatory requirements, including relevant international requirements