{"id":1548,"date":"2016-06-09T16:26:43","date_gmt":"2016-06-09T16:26:43","guid":{"rendered":"https:\/\/www.activo.ca\/blog\/?p=1548"},"modified":"2016-06-09T16:26:43","modified_gmt":"2016-06-09T16:26:43","slug":"5-steps-to-create-an-effective-incident-response-program","status":"publish","type":"post","link":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/","title":{"rendered":"5 Steps to Create an Effective Incident Response Program"},"content":{"rendered":"<p>Organizations rely on their data to carry out daily operations. Unfortunately, high-profile breaches are becoming more common <em>and<\/em> costly. In 2015 alone, cyber-attacks saw almost <strong>300 million records leaked and $1 billion stolen<\/strong>. Moving into 2016, it\u2019s important to <a href=\"https:\/\/www.activo.ca\/partners\/security-partners.html\">make sure your online operations and electronic data are secure and protected.<\/a><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1551 alignright\" src=\"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg\" alt=\"Cisco Incident Response\" width=\"283\" height=\"140\" \/><strong><br \/>\n<\/strong><\/p>\n<p><strong>But where should you start? <\/strong>In a recent blog, <a href=\"https:\/\/www.activo.ca\/partners.html\">Cisco<\/a> laid out five steps for an effective response program. We\u2019ve summarised them here for you:<\/p>\n<h2>1.\u00a0\u00a0\u00a0\u00a0 Set Up an Incident Response Program<\/h2>\n<p>To establish an incident response program for your organization:<\/p>\n<p style=\"padding-left: 30px;\"><strong>1. Identify a response leader<\/strong>. This person should have a good understanding of the business and be an effective problem solver.<\/p>\n<p style=\"padding-left: 30px;\"><strong>2. Assemble a team of stakeholders<\/strong>. Each should have clearly outlined responsibilities and roles.<\/p>\n<p style=\"padding-left: 30px;\"><strong>3. 
Draft your response process, establishing documentation standards<\/strong>. Remember, you don\u2019t need to make the plan complicated. It just needs to work for your business and be consistent.<\/p>\n<p style=\"padding-left: 30px;\"><strong>4. Connect people with the tools they need<\/strong>. The good thing is that much of what you need is already likely in place.<\/p>\n<p style=\"padding-left: 30px;\"><strong>5. Understand capability gaps and craft a plan to address them<\/strong>. You can start with a minimum viable process and enhance it over time.<\/p>\n<h2>2.\u00a0\u00a0\u00a0\u00a0 Detect Events<\/h2>\n<p><strong>To discover incidents quickly, rely on sources like<\/strong>:<\/p>\n<ul>\n<li><strong>Internal Users, Monitoring Protocols, and Risk-Assessment Tools<\/strong>: Ultimately, the best way to start is to <em>make your employees aware<\/em>. They should understand the security risks relevant to your business and know how to identify them. If they believe everything is safe, dangerous anomalies will be easier to overlook.<\/li>\n<li><strong>External Customers and Entities<\/strong>: Take advantage of automated monitoring tools \u2013 including analytics of questionable user behaviour or traffic \u2013 as your second line of defence.<\/li>\n<li><strong>Social Media<\/strong>: Bad news travels fast. Monitor social media to make sure you\u2019re not the last one to know.<\/li>\n<\/ul>\n<h2>3.\u00a0\u00a0\u00a0\u00a0 Begin Triage and Containment<\/h2>\n<p>Triage starts as soon as you detect a problem. 
You need to research the situation to understand it, which will help you determine how you should respond to it.<\/p>\n<p><strong>Ask yourself these questions<\/strong>:<\/p>\n<ul>\n<li>What\u2019s the nature of the problem?<\/li>\n<li>Is it an ongoing event?<\/li>\n<li>Will people outside of your organization hear about the event?<\/li>\n<li>Which services, systems, applications, or products are affected?<\/li>\n<li>Could sensitive data \u2013 including customer or personal information \u2013 be compromised or exposed?<\/li>\n<\/ul>\n<p>After you\u2019ve gained control, you need to contain the event by taking all necessary actions as soon as possible to stop and control the incident and\/or data loss.<\/p>\n<h2>4.\u00a0\u00a0\u00a0\u00a0 Execute Your Response Plan<\/h2>\n<p>After containing the incident, develop a response plan including things like:<\/p>\n<ul>\n<li>Actions necessary to remediate damage.<\/li>\n<li>Notifications and communications you need to issue, both internal and external.<\/li>\n<\/ul>\n<p><strong>Before you can develop a response plan, make sure you fully understand the scope, nature, and cause of the problem<\/strong>.<\/p>\n<h2>5.\u00a0\u00a0\u00a0\u00a0 Undertake Remediation<\/h2>\n<p>After completing all the activities outlined in your response plan, you need to review the incident\u2019s status and any lessons you learned from it. 
Taking effective actions afterwards can help you improve data security practices in the future.<\/p>\n<hr \/>\n<p><strong>Activo is proud to be partnered with Cisco, providing advanced, leading-edge network solutions.\u00a0<\/strong><a href=\"https:\/\/www.activo.ca\/contact.html\"><strong>Contact us today to discuss the networking technologies that will be right for your business.<\/strong><\/a><strong>\u00a0\u00a0<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Organizations rely on their data to carry out daily operations. Unfortunately, high-profile breaches are becoming more common and costly. In 2015 alone, cyber-attacks saw almost 300 million records leaked and $1 billion stolen. Moving into 2016, it\u2019s important to make sure your online operations and electronic data are secure and protected. 
But where should you [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1952,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[38],"tags":[],"class_list":["post-1548","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-physical-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>5 Steps to Create an Effective Incident Response Program | Activo<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"5 Steps to Create an Effective Incident Response Program | Activo\" \/>\n<meta property=\"og:description\" content=\"Organizations rely on their data to carry out daily operations. Unfortunately, high-profile breaches are becoming more common and costly. In 2015 alone, cyber-attacks saw almost 300 million records leaked and $1 billion stolen. Moving into 2016, it\u2019s important to make sure your online operations and electronic data are secure and protected. 
But where should you [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/\" \/>\n<meta property=\"og:site_name\" content=\"Activo\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ActivoCanada\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-09T16:26:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"460\" \/>\n\t<meta property=\"og:image:height\" content=\"230\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Activo Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@activocanada\" \/>\n<meta name=\"twitter:site\" content=\"@activocanada\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Activo Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/\"},\"author\":{\"name\":\"Activo Team\",\"@id\":\"https:\/\/www.activo.ca\/#\/schema\/person\/b25e0124f7cd12b957d3d94e71d009bb\"},\"headline\":\"5 Steps to Create an Effective Incident Response Program\",\"datePublished\":\"2016-06-09T16:26:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/\"},\"wordCount\":575,\"publisher\":{\"@id\":\"https:\/\/www.activo.ca\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg\",\"articleSection\":[\"Physical Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/\",\"url\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/\",\"name\":\"5 Steps to Create an Effective Incident Response Program | 
Activo\",\"isPartOf\":{\"@id\":\"https:\/\/www.activo.ca\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg\",\"datePublished\":\"2016-06-09T16:26:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage\",\"url\":\"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg\",\"contentUrl\":\"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg\",\"width\":460,\"height\":230},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.activo.ca\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"5 Steps to Create an Effective Incident Response 
Program\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.activo.ca\/#website\",\"url\":\"https:\/\/www.activo.ca\/\",\"name\":\"Activo\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.activo.ca\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.activo.ca\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.activo.ca\/#organization\",\"name\":\"Activo\",\"url\":\"https:\/\/www.activo.ca\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.activo.ca\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.activo.ca\/wp-content\/uploads\/2023\/03\/logo_black.png\",\"contentUrl\":\"https:\/\/www.activo.ca\/wp-content\/uploads\/2023\/03\/logo_black.png\",\"width\":171,\"height\":60,\"caption\":\"Activo\"},\"image\":{\"@id\":\"https:\/\/www.activo.ca\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ActivoCanada\",\"https:\/\/x.com\/activocanada\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.activo.ca\/#\/schema\/person\/b25e0124f7cd12b957d3d94e71d009bb\",\"name\":\"Activo Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.activo.ca\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e76fa9b97ebb6bb7b139977582f880fd2bb95046e5063f06c6e45c3424a388d5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e76fa9b97ebb6bb7b139977582f880fd2bb95046e5063f06c6e45c3424a388d5?s=96&d=mm&r=g\",\"caption\":\"Activo Team\"},\"sameAs\":[\"https:\/\/www.activo.ca\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"5 Steps to Create an Effective Incident Response Program | Activo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/","og_locale":"en_US","og_type":"article","og_title":"5 Steps to Create an Effective Incident Response Program | Activo","og_description":"Organizations rely on their data to carry out daily operations. Unfortunately, high-profile breaches are becoming more common and costly. In 2015 alone, cyber-attacks saw almost 300 million records leaked and $1 billion stolen. Moving into 2016, it\u2019s important to make sure your online operations and electronic data are secure and protected. But where should you [&hellip;]","og_url":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/","og_site_name":"Activo","article_publisher":"https:\/\/www.facebook.com\/ActivoCanada","article_published_time":"2016-06-09T16:26:43+00:00","og_image":[{"width":460,"height":230,"url":"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg","type":"image\/jpeg"}],"author":"Activo Team","twitter_card":"summary_large_image","twitter_creator":"@activocanada","twitter_site":"@activocanada","twitter_misc":{"Written by":"Activo Team","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#article","isPartOf":{"@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/"},"author":{"name":"Activo Team","@id":"https:\/\/www.activo.ca\/#\/schema\/person\/b25e0124f7cd12b957d3d94e71d009bb"},"headline":"5 Steps to Create an Effective Incident Response Program","datePublished":"2016-06-09T16:26:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/"},"wordCount":575,"publisher":{"@id":"https:\/\/www.activo.ca\/#organization"},"image":{"@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage"},"thumbnailUrl":"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg","articleSection":["Physical Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/","url":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/","name":"5 Steps to Create an Effective Incident Response Program | 
Activo","isPartOf":{"@id":"https:\/\/www.activo.ca\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage"},"image":{"@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage"},"thumbnailUrl":"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg","datePublished":"2016-06-09T16:26:43+00:00","breadcrumb":{"@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#primaryimage","url":"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg","contentUrl":"https:\/\/www.activo.ca\/wp-content\/uploads\/2016\/06\/Cisco-Incident-Response.jpg","width":460,"height":230},{"@type":"BreadcrumbList","@id":"https:\/\/www.activo.ca\/blog\/5-steps-to-create-an-effective-incident-response-program\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.activo.ca\/"},{"@type":"ListItem","position":2,"name":"5 Steps to Create an Effective Incident Response 
Program"}]},{"@type":"WebSite","@id":"https:\/\/www.activo.ca\/#website","url":"https:\/\/www.activo.ca\/","name":"Activo","description":"","publisher":{"@id":"https:\/\/www.activo.ca\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.activo.ca\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.activo.ca\/#organization","name":"Activo","url":"https:\/\/www.activo.ca\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.activo.ca\/#\/schema\/logo\/image\/","url":"https:\/\/www.activo.ca\/wp-content\/uploads\/2023\/03\/logo_black.png","contentUrl":"https:\/\/www.activo.ca\/wp-content\/uploads\/2023\/03\/logo_black.png","width":171,"height":60,"caption":"Activo"},"image":{"@id":"https:\/\/www.activo.ca\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ActivoCanada","https:\/\/x.com\/activocanada"]},{"@type":"Person","@id":"https:\/\/www.activo.ca\/#\/schema\/person\/b25e0124f7cd12b957d3d94e71d009bb","name":"Activo Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.activo.ca\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e76fa9b97ebb6bb7b139977582f880fd2bb95046e5063f06c6e45c3424a388d5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e76fa9b97ebb6bb7b139977582f880fd2bb95046e5063f06c6e45c3424a388d5?s=96&d=mm&r=g","caption":"Activo 
Team"},"sameAs":["https:\/\/www.activo.ca"]}]}},"_links":{"self":[{"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/posts\/1548","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/comments?post=1548"}],"version-history":[{"count":0,"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/posts\/1548\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/media\/1952"}],"wp:attachment":[{"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/media?parent=1548"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/categories?post=1548"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.activo.ca\/wp-json\/wp\/v2\/tags?post=1548"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}