Planning and preparing for information security incidents before they strike is a smart way to identify potential system vulnerabilities. It’s also a great way to ensure your response team is ready and able to address threats, if and when they occur. Using checklists as part of that preparation process can help ensure key steps are not inadvertently missed in the confusion and stress that such attacks or incidents can bring.
Depending on your industry, size of your company and the types of systems and infrastructure you use, you may want to use any combination (including all) of the following types of checklists:
Forensic Analysis Checklists
Part of the incident response process will involve identifying the scope and impact of the incident. A system-specific or application-specific checklist can provide you with guidance as you look at individual systems forensically, looking for behavior that is out of the ordinary.
Your forensic analysis checklists should be customized for each of your critical systems on both an operating system basis and on a functional basis.
Emergency Contact Communications Checklist
Just as you do with your organization’s disaster recovery plan, you should also have checklists with contact information and steps to help guide your communications when an information security event occurs.
These checklists may vary depending on the scope and severity of the incident, as well as on which systems were impacted. Document who needs to be contacted (and why), their contact information, and prepare a sample script for those phone calls or email communications. This may include “notification only” parties as well as staff or third-party providers needed to get impacted systems up and running again.
Systems Backup and Recover Checklists
Every system or tool your company uses should have its own checklist outlining steps and tasks involved in backup and recovery efforts.
Include information about the time needed to perform each step and to verify functionality after recovery.
“Jump bag” Checklists
SANS, a premier source of information for the incident responder, recommends that each incident response team member have an organized and protected “jump bag” at the ready. These checklists should allow the team member to more quickly spring into action to respond to information security incidents quickly.
Jump bag checklists may include contact information for team members, USB drives, anti-malware utilities, computer and network toolkits, laptops with forensic software, incident response procedures and documentation, and any other information that might help your response team in their efforts.
Security Policy Review Checklist
A key element of your incident response should be conducting a thorough review and analysis after the fact, identifying ways to prevent similar incidents in the future.
Keep a post-incident review checklist handy to capture the date and time the incident was noticed, how it was identified, the scope of the incident, what action or steps were taken to contain and eradicate it, what worked well during the incident response, and how the response and controls could be improved.
Is Your Company Prepared to Handle an Information Security Incident?
Of course, no company wants to find itself having to deal with the aftermath of an information security incident. If an incident occurs, having tools, a partner on retainer, and procedures and response checklists in place can make containing and eliminating threats significantly easier.
Intrinium Information Technology Solutions provides a variety of information security services to businesses across the financial, healthcare and retail industries, as well as to state and local agencies. To learn more, and to evaluate your organization’s readiness for an information security incident, contact us online or call us at 866.461.5099 today.