Citadel’s Consolidated Information Security Incident Response and Business Continuity Plan
When you fail to prepare, you’re preparing to fail — John Wooden
Citadel’s Consolidated Information Security Incident Response and Business Continuity Plan, together with its accompanying Excel workbook Incident-response-management-lists, is designed to provide a high-level integrated incident response and business continuity plan for mid-size and smaller organizations. [1]
The Consolidated Plan
The Consolidated Plan is designed to document high-level procedures to follow in the event of a suspected security incident. It is also designed to document operational workarounds in the event of an information continuity disruption to your business operations.
As an Incident Response Plan, the Consolidated Plan is designed to ensure effective management response to information security incidents by providing practical high-level guidelines for rapidly detecting incidents; analyzing, prioritizing, and handling incidents to minimize loss and destruction; mitigating the weaknesses that were exploited and restoring information services to normal operations.
As an information technology Business Continuity Plan, the Consolidated Plan is designed to ensure an organization’s critical business technology functions will be sustained during and after a significant disruption, either continuing to operate during the disruption or recovering to an operational state within a specified time period.
Consolidated Plan Deliverables
Citadel’s Consolidated Information Security Incident Response and Business Continuity Plan — Deliverables
- A perpetual use, non-exclusive license to Citadel’s Consolidated Information Security Incident Response and Business Continuity Plan, branded with your name and logo
- Incident-response-management-lists (An Excel workbook to be completed by client)
- Security-incident-form (for use in managing a security incident)
- Information-technology-business-continuity-form (for use in managing a business disruption)
- Two (2) hours of implementation support
Implementing the Consolidated Plan
Citadel provides an Excel workbook, Incident-response-management-lists, as a place to collect and store the information necessary to effectively respond to an information security incident and restore operations in the event of a business disruption, including:
- Names, roles and contact information for the Incident Response Team (IRT), staff, vendors (including vendors needed to respond to an incident), and key clients
- Regulatory, contractual and compliance requirements
- A Business Impact Analysis covering all critical business functions for use in prioritizing system restoration and identifying resources needed to maintain or resume operations
- Specific recovery procedures for high-impact scenarios
- An inventory of all hardware needed for business operations, including servers, workstations, laptops, printers, faxes, cell phones, firewalls, routers, switches, wireless access points, etc.
- An inventory of all software needed for business operations, including workstation software, server software, on-line software (SaaS), and other cloud services
- An inventory of all connectivity required for business operations, including the local area network, Internet, telecommunications and wide area networks (WANs)
- An inventory of critical IT documents
- Location and configuration of all critical business information, including back-ups and shared folders
- Location of passwords and encryption keys
- An inventory of vital business records
Implementation Support
Citadel supports our clients in implementing and managing the Information Security Incident Response and Business Continuity Plan. Our services include:
- Assistance in completing the Incident-response-management workbook
- Coordination with an IT vendor’s incident response plan
- Training staff and IT in the plan
- Testing the plan
- Table-top executive exercises (plan simulations)
- Incident / breach response services, including investigations and forensics (through our strategic alliance with Maryman & Associates).
Background Information & Additional Resources
SecureTheVillage: Getting Cyber-Prepared: Incident Response & Business Continuity
[1] The two disciplines of incident response and business continuity have many overlapping objectives and activities. While large organizations may typically have separate incident response plans and business continuity plans, this is often the result of both history and organizational structure. For mid-size and smaller organizations, these plans can be combined into a single document.