What is an Incident Response Plan? What Should it Contain?

An incident response plan is a roadmap or guide for implementing your incident response capability. Your incident response capability is your incident response team, incident response strategies, and any other resources your organization has to handle incidents. In the case of this article the incident response plan will be focused on cybersecurity incidents.

• Statement of management approval and commitment to the incident response plan
• The purpose and objective of the incident response plan
• The scope of the incident response plan
• A definition that defines a cybersecurity incident
• A list of roles (incident response team members, relevant management)
• A list of cybersecurity incident severity ratings and their associated priorities
• How your organization intends to use to measure the performance of your incident response capability
• A road map for improving your incident response capability
• Your incident response procedures
• Incident response handling checklists for common cybersecurity incidents
• Your organization’s incident reporting requirements
• Any reporting and contact forms your organization is required to use

Companies with level 2 or higher CMMC requirements will need to have an incident response capability inplace. This includes being able to detect and respond to incidents, analyzing incidents, reporting incidents to relevant third parties (such as the DoD), testing incident response capabilities, and having plans in place to deal with common incidents. If you would like more information on your cybersecurity maturity model certification (CMMC) related requirements reach out to us at info@lakeridge.us.