In fashioning a written incident response plan, care should be taken to tailor it for use during an actual incident. Long, unwieldy plans beget confusion and, ultimately, lack of adoption by the incident response team members. LEO’s incident response framework is different, breaking down the plan into a network of targeted Procedures, Rules, and Communication Protocols to facilitate seamless collaboration between incident response disciplines.
For many companies, an incident response plan satisfies a compliance requirement. But the underlying purpose of a plan is to guide a team through the response to an incident. In surveying the sufficiency of a plan, the first question management should ask is “Can we effectively execute from this plan?” Can a team member, trained or untrained, come into a situation and, armed with only the plan, meet his/her obligations, on time and without mistake, in the face of a serious incident?
LEO recognizes the gravity of that question. It was likely the same challenge facing our nation’s space pioneers back in the late fifties. NASA knew that the young engineers in Mission Control did not have time to fumble through a 50-page document looking for the correct action. For this reason, NASA took a different path in the formulation of its response framework. And so has LEO with incident response.
LEO’s incident response framework is built upon four pillars: Procedures, Rules, Communication Protocols, and Software.
To LEO’s IR experts, basic checklists are a step in the right direction, but they lack a number of core fundamentals. Procedures, by contrast, are compartmentalized, targeted, time-dependent, interrelated action lists. Let’s break down each of those for better understanding.