Monday, 04 March 2019 16:12

What should a cyber incident playbook include?

Charlie Maclean Bristol explains why developing a playbook for the main types of cyber attacks will help businesses respond effectively when an attack occurs. He also provides a checklist covering the areas that such a playbook should include.

When I first thought about cyber playbooks I envisaged the playbook helping senior management or the crisis team make a key decision in a cyber incident, such as whether or not to unplug the organization from the internet and prevent any network traffic on the organization’s IT network. As this is a critical decision for the organization and the consequences of making the wrong decision are huge, this type of playbook would help the team understand, at short notice, what factors they should consider and the impact of the different decisions they could make.

I was running a cyber exercise a couple of weeks ago and suddenly thought that there was a need for another type of playbook, which is basically a plan for how to deal with different types of cyber attack. As we know, the more planning we do the better prepared we will be for managing an incident, and thinking through how we would respond throws up questions and issues which we can work to solve, without the cold sweat and pressure of the incident taking place.

Cyber response should be in two parts. Firstly, you need an incident management team to manage the consequences of the cyber attack. This team is separate from a cyber incident response team, who should deal with the technical response, and should concentrate on restoring the organization’s IT service. The organization’s incident management team can be the same as the crisis management team, as they are going to be dealing with the reputation and strategic impacts of the incident.

...

https://www.continuitycentral.com/index.php/news/technology/3784-what-should-a-cyber-incident-playbook-include