Incident Response Plan: How to Decide on Your Risk Appetite?2 Experts Share Their Views on How to Put IR Plans to Practical Use
What should a good incident response plan contain, and how must enterprises decide on their risk appetite for a good IR plan? Two experts - Md. Sanowar Hossain, head of IT security at Mutual Trust Bank in Bangladesh, and retired Lt. Col Dr Santosh Khadsare, digital forensics and incident response expert from the Indian Army - discuss how to design an incident response plan.
One of the primary factors in drawing a good IR strategy, say the experts, is to understand the risk tolerance of your organization.
"We should do a detailed cost-benefit analysis as well as an analysis of risk. This has to be done in collaboration with business," Hossain says. He adds that only investing in security tools will not achieve the desired goal.
Khadsare says it is important to include predictive analysis in your incident response plan. "When we are speaking of risk tolerance, we need to include reactive, proactive as well as predictive analysis. It also depends on the industry culture and financial strength of an organization. All these factors need to be included when we are speaking about risks," he says.
In a video interview with Information Security Media Group, the Hossain and Khadsare also discuss:
- How to build cyber resilience;
- How to prepare playbooks for different incidents;
- The important tools needed to create an IR strategy.
Hossain is head of IT security at Mutual Trust Bank in Bangladesh. He has more than 22 years of diversified experience in information technology, cybersecurity, IT service management and project management.
Lt Col Khadsare is a digital forensics and incident response expert who has retired from the Indian Army. He has more than 23 years of experience in the field of digital forensics, cyber laws, cyber audit and incident response.