Special Interest Group: Women in Information Management (WIIM)

 View Only
  • 1.  Incident Response Plans - Curious of Your Approaches

    Posted 10-22-2020 12:20
    All,
      I have seen two distinct camps when it comes to IRPs.  Some are extremely lean and simply point to SOPs, other policies, etc.  While others are very comprehensive leaving almost no stone unturned and leaving very few decision requirements during an incident response.  What camp are ya'll in and what was the decision factor to go one way or the other?  If you are on the leaner side, are all of the policies and SOPs available for all team members and in a convenient place to review? When doing tabletop exercises have you seen issue with the ISP and had to rethink how it was done?  I don't know that there is a one size fits all answer but I would like to know what most people are doing as I am newer to this space and looking to observe best practices.  I have been doing a lot of reading on the NIST site as well as a plethora of other publications and would appreciate your feedback.

    ------------------------------
    Cheers,
    Amy Harrelson
    ------------------------------


  • 2.  RE: Incident Response Plans - Curious of Your Approaches

    Posted 01-05-2021 14:35
    Do you mean incident response plans or business continuity plans?  We are having each business unit create their own high level business continuity plan (how would they continue to operate in a disaster, power or connectivity outage) in RSA Archer.  This is an annual exercise that runs through an approval process workflow; and is kicked off with an executive awareness meeting.  The tabletop exercises are part of the disaster recovery testing process where actual failovers to a DR site cannot be done because the risk is not accepted.   These DR exercises involve an IT person and business unit teams addressing specific applications based on the DR tiers such mission critical and critical.  We are further building out the process and framework over 2021.  Not a one size fits all process.

    ------------------------------
    Lorelei Chernyshov, CIP, IGP
    Merrick Bank
    Assistant Vice President, Information Governance
    ------------------------------



  • 3.  RE: Incident Response Plans - Curious of Your Approaches

    Posted 01-05-2021 15:02
    IRP is what I am referring to with this post.  Continuity of Operations is another issue that has tie ins but not  what I am looking at right now.  

    Amy





  • 4.  RE: Incident Response Plans - Curious of Your Approaches

    Posted 01-06-2021 10:37
    We have a single high level IRP policy that is the overaching guide for individual business unit IRPs to roll up into.

    ------------------------------
    Lorelei Chernyshov, CIP, IGP, MSLS Data Privacy & Cybersecurity
    Assistant Vice President, Information Governance
    Merrick Bank
    ------------------------------