- Complete risk assessments for executive review, operational process and third-party vendors
- Review security best practices and validate your organization’s adoption or reasoning for not adopting
- Audit your data and review your data stewardship practices including data lifecycle management
- Complete a review of insurance needs including exclusions and pre-approval of coverage for any third-party services (such as cyber forensics, remediation provider, PR firm, etc.)
- Establish and regularly test an end-to-end incident response plan including empowering 24/7 first-responders
- Establish/confirm relationships with data protection authorities, law enforcement and incident service providers
- Review and establish forensic capabilities, procedures and resources (internal and third-party providers)
- Develop communication strategies and tactics tailored by audience (e.g., messages to employees vs messaging to media vs notifications to customers)
- Review remediation programs, alternatives and service providers
- Implement ongoing employee training for incident response
- Establish employee data security awareness and ongoing education on privacy, incident avoidance (password practices, how to recognize social engineering, etc.) and incident response
- Understand regulatory requirements, including relevant international requirements
Best Practices: Cyber Incident Response Readiness
Related articles
2016 Cyber Incident & Breach Readiness Guide
Building Trust25 January 2017
2016 Cyber Incident & Breach Readiness Guide
The cyber threat landscape has changed dramatically over the past twelve months, with the definition of incidents expanding significantly beyond...
Botnet Remediation Overview & Practices
Building Trust1 October 2013
Botnet Remediation Overview & Practices
This paper has been written for a broad audience of service providers, operators of popular web properties, and other members...
2015 Online Trust Audit and Honor Roll
Building Trust1 October 2017
2015 Online Trust Audit and Honor Roll
The 2015 Online Trust Audit includes a composite analysis focusing on three major categories; a company’s data protection, security and...