No matter how secure an industrial facility is, eventually it will experience an event that has possible security implications. When this occurs, it is vital to have a well-established policy for responding to the event. Many times we have worked with companies that believe they are being attacked but don’t know how to deal with it, delaying their response until the situation has become critical. In other reported situations, companies have overreacted to a possible security event and have caused more harm to their operations through their response than the incident would have caused. Rather than waiting until they were in crisis, these firms should have established a policy for incident response so that they could act quickly and effectively in times of crisis.
Typically there are a number of steps in creating an effective security incident response program. Byres Research can offer a strategy based on the following core activities:
- Incident Policy - Defining the goals and objectives for handling potential incidents.
- Incident Identification - Defining the means for identifying an incident (is it an incident and how serious is it?).
- Incident Reporting - Defining who should be notified in the case of an incident, by what means and within what time frame. This should include the individuals and groups inside the company (such as operations units, managers and security personnel) as well as external organizations (such as law enforcement and public Computer Emergency Response Teams (CERT)).
- Incident Handling - Defining what should be done when a possible incident has occurred. This will include procedures for containment, eradication, recovery, data collection/protection and incident follow-up and review.
Byres Security Inc. and Byres Research
P.O. Box 178
Lantzville BC V0R 2H0
Phone: 250-390-1333
Fax: 250-390-3899
For more information email info@ByresSecurity.com
