“Especially if this is the first time an organization is creating a plan like this, the focus should really be working on it piece by piece to not be overwhelmed. So, start outsmall. What are the designated roles and responsibilities that you have? Then, determine how the plan can best fit your needs. This can be done by assessing what types of incidents are most detrimental to your organization.” - Christina Annechino

Host Jara Rowe and guest Christina Annechino delve into incident response plans and tabletop exercises in this week’s episode. We’ll identify common challenges with developing incident response plans and the ins and outs of tabletop exercises. 

Gain tips on forming an incident response plan and insight into the documentation and testing requirements and compliance standards such as NIST, SOC 2, PCI DSS, and ISO 27001. We provide a comprehensive understanding of the critical elements and processes involved in incident response planning, compliance, and tabletop exercises.

In this episode, you’ll learn: 

• What defines an incident, and what to include in an incident response plan to be prepared and compliant. 
• Why tabletop exercises are essential for identifying any gaps in the documented processes and procedures and preparing teams for emergencies.
• How incident response plans and tabletop exercises are crucial in compliance readiness and maintaining security certifications. 

Things to listen for:

[01:58 - 02:40] Definition of an incident and incident response plan

[03:55 - 04:34] Tips for creating an incident response plan

[04:51 - 05:25] The role of incident response plans in overall risk management

[05:33 - 06:00] How incident response plan maintain security and annual certifications

[06:21 - 07:05] Definition of a tabletop exercise and its role in incident response plans

[07:10 - 08:18] How often to conduct tabletop exercises and their challenges and benefits

[08:34 - 09:19] Addressing compliance-related aspects through tabletop exercises

[09:30 - 09:59] Compliance standards and the importance of testing incident response capabilities

[10:06 - 10:36] Demonstrating a functional incident response plan during compliance audits

[10:47 - 10:56] Structure of documentation for incident response plans and tabletop exercises

[11:07 - 11:43] Tips on creating an incident response plan and the purpose of tabletop exercises

[12:1 - 15:15] Jara’s receipts

Resources:

Data Security 101: Decoding Incidents and Breaches

Data Breach Preparedness: Developing an Incident Response Plan

7 Tips for Talking to Your Customers After Getting Hacked

Connect with the Guest:

Christina Annechino’s LinkedIn

Connect with the host:

Jara Rowe’s LinkedIn

Connect with Trava:

Website www.travasecurity.com 

Blog www.travasecurity.com/blog

LinkedIn @travasecurity

YouTube @travasecurity