Building Best Practices for Incident Event Management Programs

A meager 9% of incident management professionals rate their organization’s incident event management program as “very effective,” and that figure comes only from the 43% of organizations that report having a plan in place at all (“Incident Response: How to Fight Back: A SANS Survey,” Torres, A., SANS Institute InfoSec Reading Room, August 2014; sponsored by AccessData, AlienVault, Arbor Networks, Bit9 + Carbon Black, HP, and McAfee/Intel Security). With risk escalating across third party and even fourth party relationships, outsourcing companies must begin applying industry best practice standards to improve operational, financial and information security. A coherent strategy includes a well-designed plan for coordinated, active vendor involvement in response planning, preparation, execution and remediation.

To help organizations prepare better for incidents, the Shared Assessments Standardized Information Gathering (SIG) Questionnaire Committee recently released a briefing paper titled Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program. It outlines a newly developed best practices model for building an incident event management program that directly involves third party providers. On December 9, 2015, Shared Assessments conducted a webinar on this topic that was well received by organizations across industry verticals.

Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program provides detailed best practice planning, policies, procedures and processes for outsourcing companies. A robust risk management guide, together with practical third party risk assessment and monitoring recommendations, provides a clean, consistent methodology for assessing incident preparedness, incident management and post-incident recovery.

This new tool covers planning, execution, reporting and remediation controls to guide a higher level of preparation against incidents that have become all but inevitable. The paper takes a proactive approach, with a thorough review of the risks involved in outsourcing each type of service to a vendor and of the service disruption an incident could cause. The model contains a defined means for protecting data, consumers and the outsourcing relationship, and presents a step-by-step guideline that can be tailored to each relationship depending on vendor type.

The assessment guide provides a comprehensive overview of an incident process lifecycle, including process repeatability. The tool responds to the need for due diligence around a third party’s plan: a mature response process must be in place, and it must recognize key internal and external stakeholders. It addresses:

  • Considering and validating the need for, and the expertise of, an incident response team at both the internal and vendor levels.
  • Key questions for establishing best practices, including who is responsible for building a coherent pre-incident plan and who is responsible for understanding root causes when incidents do occur.
  • Defined points of escalation and notification, with guidelines for establishing them well in advance of a potential incident or cyberattack.
  • Program monitoring, incident analysis, remediation and the integration of lessons learned.

Organizations that employ this tool to create a robust assessment process and build an effective third party incident management program can expect:

  • Improved outcomes through a higher level of preparation against incidents that have become all but inevitable.
  • Improved program maturity.
  • Better protection of organization reputation.
  • A defined means for protecting data, consumers and the outsourcing relationship.
  • Raised awareness of best practice issues on this topic.
  • Defined, effective mechanisms for incident resolution and remediation.

This release is one example of the Shared Assessments Program’s continuing efforts to build agreement on best practices among top-level management and to inform the evolution of each industry’s standards for incident response and management across enterprises.

To learn more about how to build best practices for your company’s incident event management program, download the Shared Assessments briefing paper or view a replay of the December 9, 2015 webinar.

Marya Roddis is Vice President of Communications for The Santa Fe Group. She assists staff and members to document committee projects in white papers and briefings, as well as working on blog editing, press releases and other marketing documentation projects. She has worked as a Resource Development Consultant since 2003 for primarily non-profit organizations in the fields of arts, education, social services, and regional economic and business development.