The plan should contain the following information necessary to maintain or resume operations and respond to an information security incident:
- Names, roles and contact information for the Incident Response Team (IRT), staff, vendors (including vendors needed to respond to an incident), and key clients
- Regulatory, contractual and compliance requirements
- An overview of critical business functions, criticality of those functions, and resources needed to maintain or resume operations
- Recovery procedures for various scenarios
- An inventory of all hardware needed for the Organization business operations, including servers, workstations, laptops, printers, faxes, cell phones, firewalls, routers, switches, wireless access points, etc.
- An inventory of all software needed for the Organization business operations, including workstation software and on-line software (SaaS)
- An inventory of all connectivity required, including Internet, telecommunications and wide area networks (WANs)
- An inventory of critical IT documents
- Location of all critical business information, including back-ups and shared folders
- Location of passwords and encryption keys
- An inventory of vital business records
The consolidated plan documents high-level procedures to follow in the event of a suspected security incident.
The plan also documents operational workarounds in the event of an information continuity disruption to the Organization’s business operations.
The plan documents how employees will communicate, from where they will work, and how they will keep working in the event of:
- Physical disruptions
- Telecommunications disruptions
- Disruptions to hardware / software
- Unavailability of key personnel
Contributed by Citadel Information Group.
© Copyright 2017. Citadel Information Group. All Rights Reserved.