Three Tips for Creating Better Response and Recovery Plans
Response and recovery plans are crucial to reducing the severity and duration of security incidents, but many organizations aren’t sure where to start in building their plans. Here are three tips for building a better recovery plan.
Document and Build Plans Around a Baseline
Knowing what you have is key to a successful recovery plan. Use asset and software inventories, existing documentation, and interviews to identify what is currently used at your organization. Interviews can also provide perspective on how critical each asset is to an employee’s work.
Complete a Business Impact Analysis to Identify Which Components Should be Brought Up First
If you ask the leader of each business function, they will typically prioritize their own department relatively high. It’s important to have an overall perspective of the organization and of which IT components should be considered in the recovery plan. One way to set these priorities is to complete a business impact analysis.
In a business impact analysis (BIA), an analyst asks about the consequences of an interruption to the business, and the answers provide context for each component’s importance. It can be done top-down, starting with a business unit and drilling down into business functions and processes. At its most detailed level, a business impact analysis can go down a long list of IT assets, asking how long the organization can operate without each one. The answer may not be concrete – for example, the climate control system may rise in the ranks during seasons with extreme weather – but it is helpful for identifying consistently critical assets with a low tolerance for outages.
Consider Past History
There’s a famous saying: “the best predictor of future behavior is past behavior”. Data about past incidents can provide valuable insight into the threats an organization is likely to encounter. The most common and highest-impact incidents should be addressed in a recovery plan. This is also a reason to include a “Lessons Learned” phase in incident response. Post-incident documentation grants us the ability to look for trends and gaps in our response process. In addition, past incidents serve as a great template for tabletop exercises.
Want help with your organization’s response and recovery plans? Contact Sedara today. Or, watch the full episode of the Sedara Whiteboard Series.