What is an Incident Response Plan?
An incident response plan is a roadmap or guide for implementing your incident response capability. Your incident response capability is your incident response team, incident response strategies, and any other resources your organization has to handle incidents. In the case of this article the incident response plan will be focused on cybersecurity incidents.
What Should an Incident Response Plan Contain?
- Statement of management approval and commitment to the incident response plan
- The purpose and objective of the incident response plan
- The scope of the incident response plan
- A definition that defines a cybersecurity incident
- A list of roles (incident response team members, relevant management)
- A list of cybersecurity incident severity ratings and their associated priorities
- How your organization intends to use to measure the performance of your incident response capability
- A road map for improving your incident response capability
- Your incident response procedures
- Incident response handling checklists for common cybersecurity incidents
- Your organization’s incident reporting requirements
- Any reporting and contact forms your organization is required to use
Cybersecurity Maturity Model Certification (CMMC) and Incident Response Requirements
Companies with level 2 or higher CMMC requirements will need to have an incident response capability inplace. This includes being able to detect and respond to incidents, analyzing incidents, reporting incidents to relevant third parties (such as the DoD), testing incident response capabilities, and having plans in place to deal with common incidents. If you would like more information on your cybersecurity maturity model certification (CMMC) related requirements reach out to us at info@lakeridge.io.
