Having an Incident Response Plan is definitely a priority for any organization. Once you have an outline of who has security incident responsibilities it is important ensure they have the proper training on dealing with those specifics. There are different levels of responsibility in dealing with security incidents:
- Regular User Training
-
-
- How to recognize an incident such as a phishing attempt or potential malware
- How to report an incident and who to contact
-
- System Administrator’s Training
-
-
- How to remediate or handle an incident such as malware or phishing attempts
- How to document the remediation of an incident
- The appropriate people that should be notified of specific incidents
-
- Incident Responder’s Training
-
-
- Specifics on reporting incidents
- How to recover systems
- Follow-Up on any needed changes in the Incident Response Plan
-
Quick Tip: Make sure you are able to get to the plan in case your file share goes down or you’re not able to access your device. Try having a printed copy in a safe or a copy on a separate cloud storage service, or both!
Incident Response training should be conducted on an annual basis for everyone. Refresher training should be conducted when there are system changes or changes to the plan, as well. As always, your training processes and procedures should be formally documented and made available to the appropriate people within your organization.
