Based on expert recommendations, here are three steps to follow in creating a PIR:
- Create an incident report:
While technically one of the final steps in the initial incident response, creating a detailed incident report can only improve the effectiveness of a PIR. In particular, this step should record and present metrics garnered from incident analysis. At a minimum, an incident report should include a timeline with key details such as when the issue was first detected, when and if the incident escalated in severity, and which of the remediation tasks attempted had positive, negative or non-observable impacts on the situation, according to VictorOps. Other important details to note in the timeline include the names of the first people to acknowledge the issue following the discovery of an incident, as well as the nature of any information exchanged in conversations between them at the time.
- Monitor the situation post-incident and respond accordingly:
After an incident report has been created, an organization can use the information recorded to help figure out which aspects of an affected system or network should be monitored to help create a long-term plan. At this point, those completing the PIR should have answered initial questions related to incident detection, response and resolution, among others, such as “how can we know more quickly?” and “how do we recover more quickly?” As a whole, the plan should also detail what was learned from an incident in terms of the people, processes and technology involved. Other information that might be gathered includes community and stakeholder reactions to the incident, along with responses from the organization’s higher-ups and counterparts in the industry.
- Coordinate, update and implement the mitigation plan:
Based on the metrics and information gathered from the initial incident response and from subsequent post-incident monitoring activities and fixes, organizations can create a well-rounded long-term plan to prevent similar incidents from occurring. According to Digital Guardian, this includes the creation of what are known as enhanced security initiatives; for example, system management should employ cybersecurity controls to stay in compliance with their incident mitigation plan, such as continued monitoring, administrator privileges, intruder detection alerts, and data and malware protection.
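
The timeline described in the first step can be kept as structured entries so that the figures behind “how can we know more quickly?” and “how do we recover more quickly?” fall out of it directly. The sketch below is an added example, not taken from VictorOps or Digital Guardian; the field layout, event names and sample entries are assumptions constructed for illustration.

```python
from datetime import datetime

IMPACTS = ("positive", "negative", "non-observable")

# Constructed sample timeline: (timestamp, event kind, detail, remediation impact).
TIMELINE = [
    ("2024-03-04T09:12", "detected", "alert on db-01", None),
    ("2024-03-04T09:20", "acknowledged", "analyst-1", None),
    ("2024-03-04T09:45", "escalated", "severity raised to SEV1", None),
    ("2024-03-04T10:05", "remediation", "restarted service", "non-observable"),
    ("2024-03-04T10:30", "remediation", "applied firewall rule", "negative"),
    ("2024-03-04T11:10", "remediation", "isolated host", "positive"),
    ("2024-03-04T11:40", "resolved", "service restored", None),
]


def minutes_after(events, start, kind):
    """Minutes from `start` to the first event of `kind`; None if it never occurred."""
    for ts, k, _, _ in events:
        if k == kind:
            return int((ts - start).total_seconds() // 60)
    return None


def summarize(timeline):
    """Turn raw timeline entries into the figures a PIR discusses."""
    events = sorted(
        ((datetime.fromisoformat(ts), k, d, i) for ts, k, d, i in timeline),
        key=lambda e: e[0],
    )
    detected = next((ts for ts, k, _, _ in events if k == "detected"), None)
    if detected is None:
        raise ValueError("timeline has no 'detected' entry")
    remediation = {impact: [] for impact in IMPACTS}
    for _, kind, detail, impact in events:
        if kind == "remediation":
            if impact not in remediation:
                raise ValueError(f"unknown impact {impact!r} for {detail!r}")
            remediation[impact].append(detail)
    return {
        "first_acknowledged_by": next((d for _, k, d, _ in events if k == "acknowledged"), None),
        "minutes_to_acknowledge": minutes_after(events, detected, "acknowledged"),
        "minutes_to_escalate": minutes_after(events, detected, "escalated"),  # None = no escalation
        "minutes_to_resolve": minutes_after(events, detected, "resolved"),
        "remediation_by_impact": remediation,
    }


if __name__ == "__main__":
    for key, value in summarize(TIMELINE).items():
        print(f"{key}: {value}")
```

An incident that never escalated simply reports `None` for the escalation figure, matching the "when and if" wording of the timeline requirement.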