An incident response plan allows practices to respond quickly and appropriately to information security incidents. An incident response plan and procedures must be tested at least annually and updated as needed to comply with industry standards.
- An “event” is an observed change in normal behavior of the system, environment, process, workflow or personnel.
- An “incident” is a violation or possible violation of computer security policies and procedures that could jeopardize the integrity, confidentiality or availability of information resources or operations. The incident may or may not lead to a negative adverse event.
The National Institute of Standards and Technology (www.nist.gov) has numerous resources and templates to help develop cybersecurity policies and procedures. The SANS Institute (www.sans.org) offers industry training and resources on cybersecurity, and the Cybersecurity & Infrastructure Security Agency (CISA, www.cisa.gov) has pertinent information on cybersecurity essentials as well.