Skip To Navigation Skip To Content Skip To Footer
    Member Tool
    Home > Member Tools
    Cristy Good
    Cristy Good, MPH, MBA, CPC, CMPE

    An incident response plan allows practices to respond quickly and appropriately to information security incidents. An incident response plan and procedures must be tested at least annually and updated as needed to comply with industry standards.

    • An “event” is an observed change in normal behavior of the system, environment, process, workflow or personnel.
    • An “incident” is a violation or possible violation of computer security policies and procedures that could jeopardize the integrity, confidentiality or availability of information resources or operations. The incident may or may not lead to a negative adverse event.

    The National Institute of Standards and Technology ( has numerous resources and templates to help develop cybersecurity policies and procedures. The SANS Institute ( offers industry training and resources on cybersecurity, and the Cybersecurity & Infrastructure Security Agency (CISA, has pertinent information on cybersecurity essentials as well.

    Sign in to access this material

    Sign In Become a Member

    Explore Related Content

    More Member Tools

    Ask MGMA
    Reload 🗙