Actions
Build security incident response procedures in alignment with national standards.
Risk factors
Incomplete visibility into user, network, and system activities can affect incident detection.
Without incident response procedures in place, several issues can occur:
- Delays in recovery
- More assets becoming compromised
- Poor communication and coordination among the people responding to the incident
- Increased risk to your organization from delays in response efforts
Write up or update incident response processes and procedures as soon as possible. When a real or suspected security incident occurs:
- Take immediate action
- Follow your response process
Recommendations
Put in place security incident response procedures.
The processes should address each aspect of the incident lifecycle:
- Preparation
- Detection and analysis
- Containment, eradication, and recovery
- Post-incident activity
The Bay Area Urban Areas Security Initiative provides cybersecurity response frameworks and toolkits. Use them to create your plans.
Develop an incident response plan specific to recovery from ransomware attacks. Conduct tabletop exercises and update your plans every year.