While no one wants to spend more time than necessary worrying about what may happen in the future, research shows that not enough companies think about the impact that a cyber attack could have on their business. The reality is that it’s not IF an attack happens but WHEN it occurs.
As part of a comprehensive cyber security plan, we suggest (and can create and provide) a host of policy documents to help a company plan for these worst-case scenarios. A company can mitigate its risk when the next attack occurs by having well-thought-out and detailed policies in place for things like acceptable use of company resources and incident response.
The number of potential policies is vast, but not every company needs every kind of policy. In addition, each policy should reflect what is important to the company and what is required to ensure the continuity of the business in the event of an attack, disaster, or breach. This is why we ensure that the input of company executives is central to the customized policies we help create, so that the policies are effective for their company and mitigate the specific risks facing their business.
An Acceptable Use Policy (AUP) is a policy that stipulates constraints and practices that a user must agree to before being granted access to a corporate network. An AUP is essential to protect the security of the network as well as the security of the company in the event of employee wrongdoing. Companies must protect their assets by establishing and enforcing clear rules governing computer and network usage. AUPs should include sections on acceptable use, unacceptable use, the security of software and hardware, confidentiality, privacy monitoring expectations, and enforcement of violations, among other things.
An Incident Response Plan (IRP) is a set of written instructions that outline the organization’s response to network events, security incidents, and confirmed breaches. A well-defined IRP allows you to effectively identify a cyber attack, minimize its damage, and reduce its cost, while finding and fixing the cause to prevent future attacks. The purpose of an IRP is to prevent damage such as service outages, data loss or theft, and illicit access to organizational systems. Most IRPs include an overview; a list of roles and responsibilities; a list of incidents requiring action; the current state of the network infrastructure and security safeguards; detection, investigation, and containment procedures; and steps toward eradication.
A Configuration Management Plan (CMP) is a process of identifying and documenting hardware components and software, along with the settings associated with each. A CMP is essential to disaster recovery because it’s impossible to recover your system to a stable configuration if you don’t know what that configuration was before the attack. Most CMPs include documentation of new system components and software, system hardening and baselining requirements, change management processes, and patch management procedures.
While similar to an Incident Response Plan, the purpose of a Contingency/Disaster Recovery Plan (DRP) is primarily to provide business continuity after disruption from man-made or natural causes. All DRPs need to encompass how employees will communicate, where they will go, and how they’ll keep doing their jobs in the event of a disaster such as a fire, hurricane, or theft. This policy should also specify which people are responsible for declaring a disruptive event and mitigating its effects and should establish a process for locating and communicating with employees after such an event.