There can be a lot of technical things in your cybersecurity incident response framework.
You can detail triggers and indicators.
Or spell out triage and mitigation strategies.
And you will likely have best practices listed for recovery.
But forget about the technical details for a minute. What does the heart, or spirit, of your cybersecurity incident response plan feel like? And what does it communicate to the IR team?
Kevin Klein, Director of Colorado Division of Homeland Security and Emergency Management, was sharing what it should feel like during a presentation November 1st at our SecureWorld Denver conference.
He says everyone involved in an incident response must be of one mind—kind of like your incident response framework has a single heartbeat:
Do you agree that this is an essential part of a cybersecurity incident response plan?
Lastly, Klein told us after any incident, it's time to review how things worked and revise where needed to keep the heartbeat of the incident response framework going strong.