Incident response is a planned approach to addressing and managing the compromise of data or IT systems. The compromise may have been caused by an accidental or malicious action. The aim is to manage the incident so that data loss and corruption is contained and systems can be restored based on recovery time objectives.
DMA is able to provide specific technical services to assist organisations with the identification, containment, eradication and recovery processes as part of an incident response.
The investigation into the cause of an incident is undertaken by DMA’s IT forensics team. The conduct of a forensic investigation requires the creation of an audit trail for the collection and examination of digital media and systems. The aim is to preserve, recover and analyze data and present the findings and opinions identifying the series of activities that led up to an incident.
It is important that an organisation has the capability to manage all incidents (malicious or accidental) that affect its operations. An Incident Management Program helps manage incidents ranging in severity from minor incidents (such as an email server going off-line) through to major incidents (such as the loss of access to an entire building). An Incident Management Program helps ensure that Business Continuity Plans and IT Disaster Recovery Plans are used effectively.
Key Areas of the Incident Management Plan.
A sound Incident Management Program provides assistance throughout the entire life cycle of an incident. At a minimum, it should cover the following key areas:
- definition of an incident;
- escalation procedures;
- roles and responsibilities;
- assessment procedures;
- integration with Business Continuity Plans and the IT Disaster Recovery Plan;
- containment procedures;
- communication procedures;
- remediation actions; and
- learnings from the incident.
It is important that incident management procedures and outcomes of actual incidents are regularly reviewed as part of a continuous improvement process.
DMA has developed and implemented Incident Management Programs across the globe. Our consultants are able to assist organisations with the development, implementation, operation, audit/review and maintenance of an Incident Management Program.
What are the benefits of an Incident Management Plan?
The benefits of an Incident Management Program include:
- Providing guidance to management and staff to effectively respond to an incident or crisis.
- Providing assurance to stakeholders and clients that an incident will be managed effectively.
- Minimising the impact and consequence of an incident.
- Maximising the effectiveness of existing Business Continuity and Disaster Recovery Plans.
- Minimising the exposure and risk to staff.
- Providing a coherent, enterprise-wide approach to incident management
- Providing a co-ordinated response to events that are unforseen in nature.