Incident Response Plan

What is an Incident Response Plan? What Should it Contain?

September 23, 2020
The occurrence of a cybersecurity incident isn’t a matter of if but when. Organizations need to have incident response plans in place. So what is an incident response plan?

What is an Incident Response Plan?

An incident response plan is a roadmap or guide for implementing your incident response capability. Your incident response capability is your incident response team, incident response strategies, and any other resources your organization has to handle incidents. This article focuses on incident response plans for cybersecurity incidents.

What Should an Incident Response Plan Contain?

  • Statement of management approval and commitment to the incident response plan
  • The purpose and objective of the incident response plan
  • The scope of the incident response plan
  • A definition of what constitutes a cybersecurity incident
  • A list of roles (incident response team members, relevant management)
  • A list of cybersecurity incident severity ratings and their associated priorities
  • How your organization intends to measure the performance of your incident response capability
  • A roadmap for improving your incident response capability
  • Your incident response procedures
  • Incident response handling checklists for common cybersecurity incidents
  • Your organization’s incident reporting requirements
  • Any reporting and contact forms your organization is required to use

Cybersecurity Maturity Model Certification (CMMC) and Incident Response Requirements

Companies with level 2 or higher CMMC requirements will need to have an incident response capability in place. This includes being able to detect and respond to incidents, analyze incidents, report incidents to relevant third parties (such as the DoD), test incident response capabilities, and have plans in place to deal with common incidents. If you would like more information on your Cybersecurity Maturity Model Certification (CMMC) related requirements, reach out to us at info@cubcyber.com.
 
