Incident Response Plans are created with attention to specifics so they can be followed if and when a breach incident takes place. The idea behind a plan is not to have to think while it is being implemented.
Omega ATC is thorough in creating these plans for our customers because the plan is the only document that details what should be done, who should be involved, how a breach should be contained, what is considered critical information, and more.
Many organizations prepare an Incident Response Plan after a breach occurs. It is important to practice the plan every year or twice a year so the steps are clear and can be improved as needed. Incident response plans are mandatory for all Level 1 and 2 merchants, and most importantly for organizations that have already been through a breach. An incident response plan is a requirement of the Payment Card Industry Data Security Standard (PCI DSS).
Here are a few points to consider for an Incident Response Plan as recommended by NIST 800-61 Rev 2:
Test the plan and make it mandatory. Practice runs and tests may be cumbersome, but running them once a year can prove useful.
Work with Omega to help you create an Incident Response Plan. Omega has worked with retailers of all sizes to get them compliant. No challenge is too big for Omega. Contact Omega if you need assistance with gap analysis/PCI readiness, creating a secure network environment, gathering evidence for a Qualified Assessor’s audit, or remediating gaps.
omegasecure.com, 664-557-7777, email@example.com