Develop an incident response plan

  • Document the incident response strategy in writing.

  • Set up an incident response team with clear roles and responsibilities.

  • Test the plan (by red teaming for example).

  • Review it regularly.

How can I convince my organisation to invest in an incident response strategy?

If you are not an executive or senior manager, and are taking the lead on starting incident response efforts in your organisation:

  • Align proposals with the overall organisational (security) strategy.

  • Connect with executives.

  • Bring concrete examples of how this part of the cybersecurity strategy can make a real impact, and a back of the envelope ROI.

  • Do not use any technical lingo and/or alphabet soup. Spell it out.