Robust Crisis and Incident Response
It is not possible to prevent every conceivable security incident that could affect state information systems. A balanced Information Security program includes the ability to analyze the circumstances surrounding an incident and to restore normal system functions in a timely manner.
Initiatives in this chapter prepare MNIT for inevitable service interruptions. MNIT must have robust plans to minimize the impact of security incidents. MNIT also must test those plans and recovery processes to keep vital services functioning and data secure in a time of crisis.
14. Develop and Exercise Recovery Strategies for Applications
A disaster recovery plan documents the recovery strategies for an information system. It outlines predetermined and approved response and recovery actions that reduce decision-making during a crisis, and it provides a systematic and documented recovery process. Planned disaster recovery actions ensure timely restoration of vital business functions in a time of crisis.
This strategy includes seven specific desired outcomes.
15. Respond to Security Incidents Faster
Formal processes to record, validate, prioritize, classify, contain, and eradicate security incidents minimize harm resulting from attacks. Solid relationships and ongoing communication can also help security professionals respond to incidents faster. Simplifying response processes is a key part of this strategy. Further normalizing legacy response processes reduces the time it takes to validate and respond to incidents, particularly in the case of incidents that occur during nonbusiness hours.
This strategy includes six specific desired outcomes.