Incident Response Plans are created with attention to specifics so they can be followed if and when a breach incident takes place. The idea behind a plan is not to have to think while it is being implemented.
Omega ATC is thorough in creating these plans for our customers as it is the only document which details what should be done, who should be involved, how a breach should be contained, what is considered as critical information, and the list goes on.
Many organizations prepare an Incident Response Plan after a breach occurs. It is important to practice the plan every year or twice a year so the steps are clear and can be improved as needed. Incident response plans are mandatory for all Level 1 and 2 merchants, and most importantly for organizations that have already been through a breach. It is a requirement of the Payment Card Industry Data Security Standards (PCI DSS).
Here are a few points to consider for an Incident Response Plan as recommended by NIST 800-61 Rev 2:
- Include actual scenarios on the plan
- Consider the worst situations and do a mock drill
- Include all departments, create a scenario and consider all steps that need to be taken
- Have a list of which agencies to call and know when to notify them — county, state, federal
- Document everything while doing the drill and during a real incident
- Have a dedicated individual or group to the plan so it is an accountable action
- Table top exercises need to involve stakeholders and department heads of every department
Test the plan and make it mandatory. Practices and tests may be cumbersome but once a year can prove to be useful.
Work with Omega to help you create an Incident Response Plan. Omega has worked with retailers of all sizes to get them compliant. No challenge is too big for Omega. Contact Omega if you need assistance with gap analysis/PCI readiness, create a secure network environment, gather evidence for a Qualified Assessor’s audit, or remediation of gaps.