ABSTRACT

Data breaches can cripple a company. Having an incident response (IR) plan is Cyber 101 and required by all regulations. However, there are many elements to consider. This chapter provides a high-level overview of best practices for incident response. Incident response plans document the steps to follow in the event of a data breach or business interruption; the plans vary with the type and severity of the incident.

Cybersecurity incident response plans are a formalized and coordinated method of responding to security incidents that affect digital assets. If you have identified an incident, you are not alone. Do not panic; follow your incident response plan. Do not shut down any of the suspected systems, because the evidence on them will be needed for forensic investigations. Do not use the domain admin credentials: attackers are waiting for you to do just that so they can capture the password and gain complete control over your environment. Do not run any non-forensic software on the suspected infected systems, since doing so will overwrite the Master File Table.

Additionally, if you have cyber insurance, the carrier will most likely require you to use its incident response team in conjunction with yours. We will focus on how to build a set of incident response plans.