Incident Management

The objective of basic incident management is to prepare you for an unscheduled interruption. Knowing who does what and when, and who warns whom, by what means and when, helps you gain precious time when such an interruption occurs.

To achieve this, you should have a comprehensive and up-to-date list of internal (staff) and external contacts who may be involved in case of a major incident. These lists should be distributed throughout the organization. The contact lists should be clear, and their details (telephone, e-mail, messaging, etc.) must be kept up to date.

For basic incident management, it is important to keep track of all past cyber security incidents. This allows you to better determine the risks of a cyber security incident and adjust policies if needed. The logbook of all previous incidents should contain at least all ICT events that had or could have had an impact on the ICT services.

In case of an unscheduled interruption, you should have incident response procedures in place that help you determine who needs to do what. The best way is to differentiate the procedures by type and severity of the incident.

Put your plan together

To be able to deal with a cyber attack, set up an incident management plan and test it at least once a year:

  • How to detect the incident?
  • Who to contact to make decisions?
  • Who are the competent authorities and how can I contact them?
  • Who can help you technically (backups, etc.)?
  • What traces or evidence to keep?
  • What emergency devices should be installed for utility services (telephone, electricity, Internet, etc.)?
  • How to ensure business continuity?
  • How to communicate with your employees, customers, professional partners?
  • What insurance coverage could be useful?

TASK

Have a distributed up-to-date list of INTERNAL cybersecurity emergency contacts, including Management, Operations Management, Operations Team, Marketing & Communications, Legal, DPO (if applicable), ...

TASK

Have a distributed up-to-date list of EXTERNAL cybersecurity emergency contacts, including Emergency Services, CERT, FOD Economy (SPAM), Legal Advisors, Cybersecurity experts, Subcontractors, Suppliers, ...