Incident Response Plan-Part 5


The Components of An Incident Response Plan

It is at this point that crafting the actual Incident Communications plan becomes crucial. It is important to note that each plan will be unique to a business or a corporation; therefore, the exact requirements that need to go into such a plan will vary.

In these instances, it could prove to be very beneficial for an organization to actually hire an outside company that specializes in creating such plans. The biggest advantage of this is that the Incident Response Communications plan will be created from an unbiased and neutral perspective.

However, the general components that should be included in this plan are the following:

1)     Identify who will be specifically involved on the Incident Response communications team:

In this component of the plan, it is crucial that the right people are selected from all of the departments of the business or corporation. Once selected, all of these individuals must understand the gravity of their responsibilities, as they must be able to respond quickly, at a moment's notice and without hesitation. The key individuals who need to be on this team include the following:

  • The CEO, CFO, and the CIO or CISO;
  • A representative from the Public Relations department;
  • A representative from the Investor Relations department;
  • A representative from the Human Resources department;
  • A representative from the Sales and Marketing department.

It is also important that at least two individuals from these respective departments be trained in how to handle any communications or queries from the media. In addition, an alternate to each representative should be picked in case the primary representative cannot be reached during a crisis.

2)     Have mechanisms in place where employees can help communicate any unforeseen threats:

In this regard, there should be an open line of communication where feedback from employees is solicited across all departments of the organization, and at all levels.  The goal here is to have the ability to report any new threats and even new ideas for the continuous refinement of the Incident Response communications process to the appropriate representative of the IR Communications team (as just described). By having this particular line of communication in place, a proactive Security mindset will thus be instilled amongst all employees of the business or corporation.

3)     Create and develop the messaging around the risks that have been identified:

After the representatives have been selected and the open lines of communications set forth, the next step is to create the messaging for each kind of Cyber risk that the organization is prone to.  Obviously, the details of what will be communicated to the public and other key stakeholders will vary if an organization is actually hit by a Cyber-attack.  But at this point in the Incident Response Communications plan, it is important to have at least the messaging template prepared so that the designated representatives of the various departments will be able to communicate with confidence and effectiveness.

4)     Create the Internal Contact Roster:

This component of the Incident Response Communications plan is deemed to be one of the most important. After all, once a business or corporation is hit by a Cyber-attack, the first thing that will come to mind is contacting the department representatives to determine exactly what is happening and how extensive the damage is. In this regard, it becomes critical to have all of the contact information (which includes work E-Mail, personal E-Mail, work cell number, personal cell number, and even home telephone number) for each of the department representatives. All of this contact information should be documented in an easy and quick to read format, such as that of a call tree. It is also important to include all of this contact information for the alternate department representative as well. The bottom line here is that all of the contact information must be up to date and confirmed at least once a month for any changes.

5)     Identify and establish relationships with the key stakeholders of the organization:

Apart from communicating with employees and the department representatives, it is equally important, in a time of crisis, to reach out to the stakeholders that have a vested interest in the well-being of the organization. Such individuals include the following:

  • Investors and shareholders;
  • Customers and business partners;
  • Suppliers and distributors;
  • Any relevant government official at the local level.

This particular component of the Incident Response Communications plan is an often overlooked one; therefore, it is important to include all of their contact information in the call tree as well.  The call tree should be made available to all department representatives (including their alternates) and key stakeholders in printed, electronic, and online formats.

Finally, it is important for a business or a corporation not to focus on preparing for only one type of Cyber-attack. Rather, a holistic view should be taken, which will allow you to prepare for any Cyber-attack.

These components of the Incident Response Communications plan can be diagrammed as follows:

  1. Creation of incident response team
  2. Implementation of communications line
  3. Create appropriate messaging
  4. Create internal contact roster
  5. Identification of key stakeholders


Our next blog will examine how to articulate and communicate an Incident Response event to the key stakeholders in your organization.