What’s your approach to keeping incident response plans updated and effective?

2.2k views4 Comments

Sort by:

IT Manager in Construction10 months ago

Work with a Digital Twin of your assets by keeping the processes inside a such of continuous monitoring activity.

Senior Director of IT in Construction10 months ago

Use the IRP for regularly scheduled table-top exercises, noting areas of improvement to make to the IRP afterwards.

Worldwide Strategy & Portfolio, Cross Industry (Supply Chain, ESG, Engineering, Customer Experience, Intelligence Automation, ERP) in Manufacturing10 months ago

Ensuring that incident response plans remain updated and effective is all about making it a priority within the organization. It may not be the most exciting task, but it must be integrated into the overall governance and compliance plans. Regular practice and reinforcement are key. Keeping it front and center in everyone's mind is crucial. Using tools like CrowdStrike can help communicate the importance of these plans clearly. Often, compliance and behind-the-scenes tasks that keep the business running smoothly go unnoticed until there's a problem. Therefore, it's essential to communicate that these plans are a top priority from both top-down and bottom-up perspectives, reminding everyone involved of their importance.

1 Reply

no title10 months ago

Expanding on Elisha's points, our approach combines several strategies. One is fear-based, for lack of a better term. High-profile incidents like those involving CrowdStrike or SolarWinds, which hit mainstream media, help keep these sessions on our calendars. People adhere to these sessions because they understand the potential consequences of lapses.<br><br>Another strategy is incentivization. For enterprise IT leaders or those in charge of specific domains like HR or Finance, their participation in business continuity and disaster recovery planning is a part of their performance reviews, both semi annually and annually. This top-down approach ensures that every group leader has this component in their incentive or performance review plan. While it might seem like a checkbox item for many, it becomes relevant, especially as deadlines approach. This approach helps increase awareness and engagement, ensuring that the plans are completed accurately and on time.<br><br>

Content you might like

Which cybersecurity metrics do you currently use with your board?

We use Microsoft PowerBI extensively at the company. Over 15,000 reports.
For our "corporate" reports, like financials or HR, we centralize those requests and attend them with my team.
We currently "extract" information from multiple systems (ie. SAP, SuccessFactors, CRM, etc...) and put in into a SQL Analysis Services. For interpreting the data we have a Semantics model in PBI.
The problem I see is we can't scale enough to comply with the reporting demands as the semantic model is "unique" and we end up having only one or two developers that can work at a time.
Anyone has an idea how to scale their PBI teams without having to redevelop the semantic model per report?

As technology leaders, where are you seeing the most challenges or gaps?

Executive Support10%

Projects vs. Operations68%

Building a culture of Security15%

Team Completeness5%

View Results

If you could change one thing about how your organization initially implemented its hybrid work structure, what would it be?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%