Verizon report offers recipe for honing incident response plans

If, as experts say, a data breach at every organization is inevitable, arguably the CISO’s first line of defence is an incident response plan. Incident response is what organizations do to prevent a breach of security controls from becoming a data breach.

The problem, according to a report from Verizon released earlier this month, is that if a survey is representative, even those who have created IR plans haven’t got it right. While most (79 per cent) of the 125 assessed organizations the company questioned between 2016 and 2018 had an IR plan in place, fewer than half (48 per cent) had what Verizon considers a logically constructed, efficient plan.

Among the flaws: More than one third (43 per cent) didn’t fully designate internal IR stakeholders, and 71 per cent didn’t describe end-user security awareness training. Only 40 per cent explicitly specified periodic reviewing, testing, and updating of plans, 22 per cent cited no internal security policies or procedures, and 38 per cent cited no legal or regulatory requirements (41 per cent partially did so) for cybersecurity, incident response, or data breach notification.

Verizon says its Incident Preparedness and Response Report (registration required) will help IR stakeholders create, maintain or improve their cyber incident mitigation and response efforts.

A reminder: Incident response stakeholders aren’t only in IT. They also include human resources, legal affairs, communications/public relations, physical security as well as others touched by an incident.

Six components

The report says incident response has six components: planning and preparation, detection and validation, containment and eradication, data collection and analysis, remediation and recovery, and post-incident assessment and adjustment. There’s a section of the report for each component. There are also five data breach scenarios, including how the organization responded and lessons learned.

Briefly, the idea is that the existing or new IR team should discuss the scenarios and draft (or correct) the response playbooks in the organization’s IR plan to suit the incidents the organization is likely to face.

For those who don’t know, an IR plan describes roles, responsibilities and authorities for internal IR stakeholders. It identifies incident detection, types of attacks, and severity levels to guide internal IR stakeholders and tactical responders.

For cybersecurity incidents, the report recommends identifying six to eight incident types (for example, unauthorized access, DoS, malicious code, improper usage, scans/probes/attempted access).

“By defining incident types, stakeholders can prepare for incidents, focus efforts and quickly engage resources when they occur,” says the report. These incident types can also determine topics for specific playbooks that support the overall IR Plan.

Finally, don’t forget to test the IR plan.

For more resources, see our previous stories “How to get the most out of your incident response plan test,” “Incident response plan must be tested,” and “What should be in an IR team Go Bag.”

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
