Stop what you are doing. Pull out your written Incident Response Process or Plan (if you have one at all). Now, think about this. When is the last time it was physically touched? Is it literally dusty? Does the date on it read one year ago? Two years? Three years or more?

Next, try to remember why you wrote this Incident Response process. Was it to have a checkbox checked for compliance? Did you even write it yourself? Did you inherit this plan from someone else?

Are you suddenly gasp thinking about these outdated IR plans? It’s time to revisit them….

Now which one is the IR plan again?

Your Incident Response process should be a living, breathing document, updated as your network, staff, and company change. How effective is a document that has outdated device info, staff names, contact information, etc.? Do you realize that your IT team isn’t the only team involved in a proper response? Consider that IT, Legal, HR, Marketing, Executive, the Board of Directors, and more have their own specific role in a true breach.

The new threat landscape

One thing that all mature InfoSec practices now realize is that it’s not if but when their organization will be breached. Preparation is the key to be able to minimize the damage from the attack or attempted attack.

Defense in layers has been preached for years, and while still important, resilience has to be taken into consideration. Defense and alerting allows you to find the threat quickly, but resilience is how you recover and not miss a beat.

Compliance is important, but should be an afterthought when proper security is followed. As long as you employ the right measures for security, its strength can check the compliance boxes for you.

Incident Response is about more than a plan

Consider that the Incident Response process is less valuable without the proper data to investigate.

An organization must store forensic quality, raw logs to be able to dig back in the past. In addition, there are tools available that help by continuously recording 100% of all activity and visualizing the complete attack kill chain empowering real-time response and remediation.