Don’t forget the human element in cyber response planning

When it comes down to it, machines can only do so much. The human side of your business is what really matters in times of threat. Tools can automate all sorts of processes, but they’ll never entirely replace human intelligence and intuition. For example, you may have a person who struggles with their password time after time. A machine might interpret that as an interloper trying to gain entrance, but human intelligence reminds us that for that individual, this behavior is normal.

Take full advantage of your human intelligence and share your plan across your business. Incorporate it into the day-to-day operations of every employee, especially your technical teams. Require that all staff annually review the plan and identify and report a suspicious event.

  • Include all employees
  • Make everyone accountable for their role in an event
  • Incorporate CIRT plans into your SOPs
  • Look for new threats and anomalies regularly

Other tactics include creating a review committee that can share progress with your executive team, and entrust them with holding regular reviews of policy documents.

Your cyber incident response team will work with your incident management team to create a report after each incident. The report will describe the incident, the corrective actions taken, and any new controls implemented to prevent future incidents from taking place.