Incident response (IR) plans are designed to test your company’s ability to respond to a security incident. The ultimate goal is to handle the situation so that it limits the damage to the business while reducing recovery time and costs.
Sadly, most IR plans fail to deliver on this promise. For companies that have one — and according to one recent survey, one in three organizations don’t — they are bare-bone, poorly set out and rarely involve any other lines of business (LOB) aside from the InfoSec and IT teams. Many remain rarely tested and reviewed, as thus not fit for their purpose when that incident strikes.