Answering the challenge: your incident response plan quiz
An up-to-date and ready-to-use incident response plan (IRP) is essential. Take our quiz to test the status of yours and discover any weak links.
1. Most businesses have incident response plans for physical incidents like fire and flood. Is your IRP updated to address the new wave of digital threats?
- We work online, but we haven’t updated. My business has the same collection of old plans for fire and flood that it’s always had.
- Our plan covers digital threats broadly but doesn’t go into specifics. I’m looking to include them in an updated plan.
- My business has analysed the threat environment, including the likelihood of cyber security incidents. I’ve identified the specific digital threats common to my industry.
2. Knowing what to protect is essential. As part of your planning, have you identified key assets, valuable data, and systems critical to your business?
- The business’s IRP doesn’t go into this kind of detail. It gives me a broad sense of what’s important, but without specifics.
- All assets, data and systems in the plan have been given equal consideration.
- My business’s plans have had a lot of thought put into them. I’ve identified what is essential to protect and why these assets need more attention than others.
3. Plan for all events. With each incident, the threat to your data differs. Does your IRP cover a response to each major incident type you’re likely to encounter?
- Our broad-based Incident Response Plan should assist in most situations.
- Our IRP broadly covers digital breaches but does not have individual responses to particular digital threats.
- Our business has identified our major threats, so our IRP has individual plans for each likely situation.
4. Know who needs to do what and when. Do staff and management know their roles in the event of an incident?
- The plan doesn’t identify individual roles and responsibilities clearly. Resources will need to be allocated ad hoc.
- Management have been briefed on the plan and they will allocate the roles to the rest of the team as needed.
- Management and staff understand their roles and responsibilities and have received the training they need. They will jump into action and execute the response plan.
5. Have your resources ready to go. Are all key tools collated and ready to use in the response?
- These resources in the plan still need to be identified and organised.
- Most of what the business needs isn’t collated in an indexed fashion.
- Appended to the plan via an indexed system are complete and comprehensive contact lists, specific checklists for each situation, and relevant guides for use.
6. Tell the people that need to know. What is your process for alerting necessary stakeholders?
- Our business isn’t across the Privacy Act regulations and has no formal process for making contact.
- Each section of the plan has a guide on who to contact according to the incident type and the business is up-to-date with Privacy Act requirements, but there is no formal process for alerting relevant contacts.
- The plan includes a response framework specifically designed to alert relevant parties including board members, suppliers, and external agencies that might be impacted.
7. Public perception needs to be a priority. How does your plan fulfil the need to protect your public reputation?
Telstra Security Report 2019, for businesses large or small, customer experience is everything, and “increasingly customers are actually asking businesses about privacy, what’s happening to their data and how it is being used and protected”. In the event of a cyber breach, the reputational damage can outweigh the cost of the incident, so make sure you have a communications strategy.As outlined in the
- I think it is unlikely that news of my incident would reach the broader public. My business is too small for people to notice.
- The business will respond as needed.
- The business has pre-prepared communications advice for customers and clients, allocated a media spokesperson, and approved a messaging framework should the need to talk to media arise.
8. Scheduling is key. How do you maintain your Incident Response Plan? And do you practise it?
- The business developed a plan a while back, but I haven’t had the need to use or update it.
- The business has had it updated from time to time, but it’s rarely practised.
- The business follows a rigorous update schedule and the responsible team practises executing the plan every 3 months, or shortly after each time it is substantially updated.
9. Taking stock. After an incident, what processes do you have in place to review what happened and make updates for the future?
- Business carries on. Our team lacks the time and resources to stop and think about the incident once it has passed.
- The responsible person takes note of whether the incident response plan was useful and in what way, but the learning process isn’t currently fully developed.
- As a matter of process, the business documents every detail of the incident and lists each of the response actions taken.
Security Assessment Reminder
Have you booked your next cyber security assessment? Don't forget as a customer of this service you have access to 4 assessments per year to identify areas for improvement.Book NowSecurity Assessment Reminder