Does your organization have a defined incident management or problem management process? If not, it may be a good idea to spend some time formally defining your incident management process and plan for how your technology and cybersecurity teams respond to incidents. Having even a simple incident management process helps reduce confusion about who is responsible for what and how high of a priority an incident may be, things you want to avoid in the heat of an incident response.
Implementing an incident management process starts with the following:
There’s no need to overcomplicate it or define more structure than is really needed by your company, and there is no one-size fits all approach. However, if you haven’t had a conversation to answer any of the questions above (or if you haven’t in a while), it’s a good time to revisit this topic and ensure your teams responding to incidents are on the same page.
This article is a good read on implementing an incident management process if you’re doing so for the first time.
To view other PMMI CyberHealth content, visit pmmi.org/cyberhealth Got a more specific question? Email [email protected]. Be sure to also opt in to the CyberHealth e-newsletter to get cybersecurity updates straight to your inbox.