When it comes to cyber incidents it is important to have a response plan in place.
It has been reported in the media that during the Covid pandemic that cyber incidents have increased.
Cyber incidents can have a negative effect on your business as it can, reduce stakeholder confidence, increase cost, lower efficiency and impact brand status.
Being able to react immediately requires an incident management plan that is effective and efficient.
One of the most important things to think about when starting an incident management plan is Day Zero.
What do we mean by Day Zero?
Day zero is one of the most important periods of any incidents management plan, as it is what you do immediately after an incident has been identified.
It is vital for any subsequent course of action.
The plan will set out the chain of command and guide the reader on what action or actions need to be taken and who is responsible for completing them.
This will occur immediately after, Day Zero, and from here a data incident is declared.
Here are the 7 key objectives for your Zero Day plan:
1.Ensure the business is able to react
The business must be able to react to an incident in an appropriate manner in order to resolve it this is crucial on day Zero.
2. Identify timeframes,
This will be based upon business impact, for response.
3. Chain of command
The chain of command must clearly set out and be easy to follow in order for the plan to run smoothly.
4. Correct staffing involvement
It is important to inform the business of the correct staffing involvement from across the business required at Day Zero.
5. Identify responsibilities and accountabilities
Be sure that staff members are aware of their responsibilities and accountabilities at the very beginning of when an incident occurs.
6. Prepare for the future
Ensure the business is prepared for the future with the actions required to bring an incident response to a satisfactory conclusion.
7. Regulatory and legal obligations
Finally, you must ensure the business is aware of their regulatory and legal obligations should incidents arise (i.e., contact Information Commissioners Office).
With these 7 key objectives for Day Zero in place your plan will be effective in protecting you from cyber incidents as well as allowing you to know how to deal with them should they occur.
With this plan you will cover:
- Key Contacts.
- The chain of command.
- Escalation Criteria.
- High level incident scenarios to drive further desk top review exercises.
- High level Flowchart or process.
- The need for a conference number and its 24/7 availability.
- Initial guidance on legal and regulatory requirements.
When conducting the Day Zero plan, you will see multiple benefits come to light such as:
- Clear understanding of the incident and how to overcome it.
- Identifying roles and responsibilities of stakeholders during the early stage of an incident.
- Provide the nucleus of a robust set of policies and procedures to manage Disaster Recovery (DR) and Business Continuity Planning (BCP).
- Better understanding of how to align to legal and regulatory standards (i.e., Data Protection Act 2018).
- Provide the business with a plan that can influence and inform a wider incident response management document set.
- Ensure the business is better aligned with industry standards and schemes (i.e., Cyber Essentials Plus, ISO 22301 Business Continuity and ISO 27001:2013).
With a clear plan in place from Day Zero you will be at an advantage to deal with cyber incidents as you will be better prepared to take on whatever comes your way. When it comes to cyber incidents Xpertex can help you to have a response plan in advance through the implementation of processes, technology and our people. To find out more, head to www.xpertex.com
