- Complete risk assessments for executive review, operational process and third-party vendors
- Review security best practices and validate your organization’s adoption or reasoning for not adopting
- Audit your data and review your data stewardship practices including data lifecycle management
- Complete a review of insurance needs including exclusions and pre-approval of coverage for any third-party services (such as cyber forensics, remediation provider, PR firm, etc.)
- Establish and regularly test an end-to-end incident response plan including empowering 24/7 first-responders
- Establish/confirm relationships with data protection authorities, law enforcement and incident service providers
- Review and establish forensic capabilities, procedures and resources (internal and third-party providers)
- Develop communication strategies and tactics tailored by audience (e.g., messages to employees vs messaging to media vs notifications to customers)
- Review remediation programs, alternatives and service providers
- Implement ongoing employee training for incident response
- Establish employee data security awareness and ongoing education on privacy, incident avoidance (password practices, how to recognize social engineering, etc.) and incident response
- Understand regulatory requirements, including relevant international requirements
Best Practices: Cyber Incident Response Readiness
Related articles
Strengthening the Internet
28 September 2020
Fact Sheet: Quantum Physics and Computing
A paper explaining how quantum computing and encryption are related.
Strengthening the Internet
21 September 2020
Virtual Schooling
Take a look through our back-to-school checklist that aims to help you, as a parent or guardian, make sure...
Building Trust
31 August 2020
Policy Toolkit on IoT Security and Privacy
The Policy Toolkit on IoT Security and Privacy is a practical resource for policymakers and regulators to strengthen the...