Date: 2021-03-19

When it comes to dealing with an unplanned and potentially disruptive event that affects the security and integrity of an organization's IT infrastructure, incident response plans are the first line of defense. Without an incident response plan in place, an organization's response to an incident -- especially a cyber attack -- could be haphazard and disastrous. Incident response plans can be created and implemented manually -- for example, by using a template such as the one provided by TechTarget. Many organizations, however, are moving beyond this approach and using automated incident response services that address all aspects of an incident response.

Numerous software-based products are available for consideration. These can range in cost from under $200 to several thousands of dollars. Many software-based business continuity and disaster recovery (BCDR) systems include integrated incident response modules, which can help launch or update an incident response initiative. Third-party service companies, such as cloud service providers (CSPs), may offer incident response modules within their service packages. In short, many ways to build incident response plans are available; it becomes a matter of understanding the business and IT security requirements before selecting an incident response vendor's product or service.

Considerations when choosing an incident response vendor

If your organization is already using a third-party managed security or risk management service provider, ask the firm what incident response offerings it has. The same should be asked of CSPs. Using services from an existing provider can make the incident response service selection process much easier. Incident response vendors offer services such as post-breach investigations, ransomware removal and proactive breach response plans.

If no incident response plan is in place or no existing vendors are suitable, complete the following steps to identify a suitable service provider:

1. Determine the specific incident response requirements of your organization. This could include threat detection, alert notifications and detailed step-by-step procedures for handling an incident.
2. Research the market for incident response service providers, and review their offerings.
3. Prepare and present a business case to management for approval and funding.
4. Prepare a request for proposal or request for quotation to secure pricing and other elements, such as installation, training, warranties, support for SLAs, maintenance costs, testing capabilities, documentation provided, and technical support and assistance provided.
5. Select a vendor, have contracts reviewed and approved, organize funding, and schedule deployment and training.
6. Complete installation and deployment, and test the system. If possible, test along with BCDR and cybersecurity testing.
7. Set up maintenance, performance review and testing schedules.

As with any new technology or process, be sure to prepare and/or update policies and procedures for incident response activities.