Cyber security incident response policy
This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident.
Unlike an employee, contractor or B2B cyber security policy this is not intended to be a legal contract: it is a cheat sheet, helping its users react fast, and in the way that your organisation has planned. It may, as a first attempt, help organisations who are yet to plan for a cyber incident explore what they might need to do in the case of a breach. Unlike policies for IT system users, which are often hidden away in employee handbooks etc., you may wish to place all or part of this policy in a prominent location, on employee noticeboards etc. so that it is easy to find.
It will result in a short document outlining: (i) some things for policy users to look out for, which may signal that the system has had a cyber security breach; (ii) what a policy user should do if they make a mistake; (iii) who within the organisation is notified in the case of a breach; (iv) what the responsibilities of each individual notified will be (so that no critical activity is missed and the people notified do not duplicate tasks for example, the last thing your organisation needs during a breach is two spokespeople telling the press conflicting information!)
This document was created and is maintained by Emma Osborn, an independent cyber security consultant specialising in the support of smaller organisations as they develop their cyber security processes. Visit https://www.ocsrc.co.uk for more information.Ask about this document
Cyber security incident response policy contents
- Introduction : security incidents are a significant risk; security breach recognition; cyber breaches are common; responding as fast as possible is key.
- Who you should contact if you think there's been cyber security incident?: appointed person for security incidents.
- What might indicate that there has been a breach?: when cyber security breach occurs.
- What do I do if I make a mistake?: mistakes.
- I'm the incident coordinator, who do I notify, what are their roles?: who to notify upon discovery of breach indicator; informing ICO of data breach.
- What are the responsibilities of the members of the incident response team?: technical incident response; data protection officer incident responsibilities; cyber insurance incident responsibilities; communications incident responsibilities; senior management incident responsibilities; operations managers incident responsibilities.