Many security teams are operating with incident response plans that haven’t been updated — or even looked at — in months or years. That’s a big mistake. While revising documentation is nobody’s idea of a good time, an outdated plan is rarely useful to anyone. IT security professionals should revisit their plans regularly to ensure that they’re ready to meet their organizations’ needs based upon their current operating environment and the modern threat landscape.

Incident response plans are often first created to check a box — perhaps there’s an upcoming technology audit, or you’re certifying against a new security standard or seeking to comply with a new regulation. Whatever the impetus, technology leaders often pull together the first version of an incident response plan in a hurry to meet a deadline, then put it back on the shelf to gather dust.

That approach might fulfill an immediate need, but the plan certainly isn’t a useful tool to help guide an organization when an incident occurs. A well-designed incident response plan serves a much more important purpose: It brings the calm, collected environment of the planning room into the chaos of a security incident. Here are five things organizations can look for as they seek to revitalize their organizations’ incident response plans.

Published January 2019 in BizTech Magazine.
Read the full article: 5 Tips for Updating a Cybersecurity Incident Response Plan