Answering the challenge: your incident response plan quiz
An up-to-date and ready-to-use incident response plan (IRP) is essential. Take our quiz to test the status of yours and discover any weak links.
-
1. Most businesses have incident response plans for physical incidents like fire and flood. Is your IRP updated to address the new wave of digital threats?
- We work online, but we haven’t updated. My business has the same collection of old plans for fire and flood that it’s always had.
- Our plan covers digital threats broadly but doesn’t go into specifics. I’m looking to include them in an updated plan.
- My business has analysed the threat environment, including the likelihood of cyber security incidents. I’ve identified the specific digital threats common to my industry.
Incident response plans have long been used to manage threat situations in the physical environment – for example, in the event of natural disaster, accident or a building fire. In principle, an IRP for digital threats is similar to one designed for physical threats, but the contents differ. An IRP for cyber threats is unique because of the dynamic nature of the digital threat environment. Keep in mind industry-specific threats, the type and value of data you hold, third-party networks that you work with, and the robustness of your cyber security networks. -
2. Knowing what to protect is essential. As part of your planning, have you identified key assets, valuable data, and systems critical to your business?
- The business’s IRP doesn’t go into this kind of detail. It gives me a broad sense of what’s important, but without specifics.
- All assets, data and systems in the plan have been given equal consideration.
- My business’s plans have had a lot of thought put into them. I’ve identified what is essential to protect and why these assets need more attention than others.
Every business will differ, so think about inputs for your specific business. Whether it’s because of legal obligations, the value of the data, or how essential the systems are to your operations, a sense of priority is essential. -
3. Plan for all events. With each incident, the threat to your data differs. Does your IRP cover a response to each major incident type you’re likely to encounter?
- Our broad-based Incident Response Plan should assist in most situations.
- Our IRP broadly covers digital breaches but does not have individual responses to particular digital threats.
- Our business has identified our major threats, so our IRP has individual plans for each likely situation.
From network system failures that disable your business operations to a ransomware attack to leaked customer payment details, each possible digital incident calls for a unique response. Devote sections of your plan to answer these different challenges and include timeframes and objectives for each response. This will help you create a decision tree to guide you on what to do next. -
4. Know who needs to do what and when. Do staff and management know their roles in the event of an incident?
- The plan doesn’t identify individual roles and responsibilities clearly. Resources will need to be allocated ad hoc.
- Management have been briefed on the plan and they will allocate the roles to the rest of the team as needed.
- Management and staff understand their roles and responsibilities and have received the training they need. They will jump into action and execute the response plan.
Your team is critical in helping your business during a major incident. Having the team well trained with roles defined fosters a culture where everyone becomes an essential part in protecting your business. It’s crucial that everyone involved in executing a response plan knows the reporting lines and who makes which calls. -
5. Have your resources ready to go. Are all key tools collated and ready to use in the response?
- These resources in the plan still need to be identified and organised.
- Most of what the business needs isn’t collated in an indexed fashion.
- Appended to the plan via an indexed system are complete and comprehensive contact lists, specific checklists for each situation, and relevant guides for use.
A response plan in action will call upon resources and references. Make sure they are with your plan and ready to go. -
6. Tell the people that need to know. What is your process for alerting necessary stakeholders?
- Our business isn’t across the Privacy Act regulations and has no formal process for making contact.
- Each section of the plan has a guide on who to contact according to the incident type and the business is up-to-date with Privacy Act requirements, but there is no formal process for alerting relevant contacts.
- The plan includes a response framework specifically designed to alert relevant parties including board members, suppliers, and external agencies that might be impacted.
Since the updates to the Privacy Act, a business’s obligations to keep data secure and the requirements to notify the right people as part of the Notifiable Data Breach Scheme are stricter than ever. Creating a communication flow chart for this can help you follow the right process. -
7. Public perception needs to be a priority. How does your plan fulfil the need to protect your public reputation?
- I think it is unlikely that news of my incident would reach the broader public. My business is too small for people to notice.
- The business will respond as needed.
- The business has pre-prepared communications advice for customers and clients, allocated a media spokesperson, and approved a messaging framework should the need to talk to media arise.
As outlined in the Telstra Security Report 2019, for businesses large or small, customer experience is everything, and “increasingly customers are actually asking businesses about privacy, what’s happening to their data and how it is being used and protected”. In the event of a cyber breach, the reputational damage can outweigh the cost of the incident, so make sure you have a communications strategy. -
8. Scheduling is key. How do you maintain your Incident Response Plan? And do you practise it?
- The business developed a plan a while back, but I haven’t had the need to use or update it.
- The business has had it updated from time to time, but it’s rarely practised.
- The business follows a rigorous update schedule and the responsible team practises executing the plan every 3 months, or shortly after each time it is substantially updated.
The speed of change in the digital world is rapid, so updating your plan is essential. Your update schedule needs to take into account how frequently your organisation changes or how often new threats may appear. A large organisation with frequent changes might review quarterly while a smaller, more stable business might update bi-yearly. However, when new and formidable threats are discovered, an update should be scheduled sooner. -
9. Taking stock. After an incident, what processes do you have in place to review what happened and make updates for the future?
- Business carries on. Our team lacks the time and resources to stop and think about the incident once it has passed.
- The responsible person takes note of whether the incident response plan was useful and in what way, but the learning process isn’t currently fully developed.
- As a matter of process, the business documents every detail of the incident and lists each of the response actions taken.
Recording the incident in detail and listing the responses taken enables you to collect lessons learned. This helps your business to update your plan for the future and make it more effective.
Security Assessment Reminder
Have you booked your next cyber security assessment? Don't forget as a customer of this service you have access to 4 assessments per year to identify areas for improvement.
Book NowSecurity Assessment Reminder
