Your Challenge Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image. The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources. Our Advice Critical Insight Organizations can’t rely on “out-of-the-box” classifications anymore. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases. Results of incident response must be analyzed, tracked, and reviewed regularly. Otherwise a lack of comprehensive understanding of trends and patterns regarding incidents leads to being re-victimized by the same vector. Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats. Impact and Result Short term: Streamline the process of formalizing an incident management program customized to your organization-specific needs. Respond faster and more effectively by leveraging a mature process rather than starting from scratch. Long term: Once the program is in place, damage will be minimized. As incidents are properly tracked, analyzed and handled according to a well-defined process, potential breaches will be reduced to minor incidents.

1. Develop and Implement a Security Incident Management Program
Don’t be reactive: respond to incidents proactively.
Security incidents are inevitable for every organization and they can turn into costly security breaches. According to a 2013 Kaspersky Lab report,
91% of companies surveyed had at least one external security incident; 85% had at least one internal security incident. (Kapersky Lab, 2013)
A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.
Poor incident response negatively affects business practices including workflow, revenue generation, and public image.
[Problem] Out-of-the-box incident classifications often offer too much coverage. Too many irrelevant cases that are not applicable to the
organization are accounted for, making it difficult to sift through all the incidents to find the ones you care about.
[Solution] Develop specific incident use cases to correspond with relevant incidents in order to consistently identify the response process and
eliminate ambiguity when handled by different individuals at different times.
IT professionals wearing a security hat better get used to increased pressure from business to step up their security game as paranoia over being
breached will reach new heights.
Results of incident response must be analyzed, tracked, and reviewed regularly. Otherwise a lack of comprehensive understanding of trends and
patterns regarding incidents leads to being re-victimized by the same vector. Establish communication processes and channels well in advance of a
crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.

8. http://www.infotech.com/research/ss/develop-and-
implement-a-security-incident-management-
program