If a cyber security incident should occur, here's a helpful list of key questions you need to ask yourself that will help shape your response.
These questions should help you respond to a cyber security incident. However, this is only part of the process you should be following. Check out how to Establish an Incident Management Plan, which includes prevention, monitoring, triage, responding and resolution.
Emergency Incident Checklist
- Have you called the experts? Get specialist help if needed. Do not necessarily rely on family, friends or talented amateurs to diagnose the problem and solution - a specialist at short notice could cost you less in the long term than getting your response wrong.
- Can you contact affected customers directly if required, and what will you tell them?
- What response is your business taking to rectify the situation? For example, resetting passwords, implementing new security procedures, remotely locking or wiping a mobile device, or temporarily suspending services and business.
- Does this incident require you to contact and advise the Police, Privacy Commission, or other regulatory body?
- Who is on your emergency call-tree or incident management team and are these contact details up to date? It is critical to have cellphone numbers for outside working hours.
- Who is leading your incident response? For example, the first identifier, senior management, or someone else?
- Do you have a conference call number so all parties can share updates and progress with managing the response?
- Do you have or know media experts who can manage enquiries if required? This includes managing the situation on social media where the rules of engagement are different.
This is a high-level process that can be adapted to suit businesses of all sizes.
Note: This guide is based on the model developed by the Computer Security Incident Response Teams at the CERT Division of the SEI [Alberts 2004].