An action plan is the final product of an incident response. In our example, I would recommend two items for the data and network action plan. First, I would plan for the implementation of a Change Management Process. Change management is a good way to introduce change into a production environment while keeping the probability low that the change will interrupt data or service delivery. If the engineers in our example had followed change management best practices, they would have tested the change before moving it to production. Further, they would have executed a validation process to make sure the AR Server was functioning properly. If the change caused a problem, the engineers would execute a back-out process to return the server to its original state with data intact. All of these processes should be documented and tested BEFORE the change is made to production.
Second, I would plan for the implementation of either manual or automated processes to track the execution of production jobs. This is another best practice that was missing from our example environment.
This is a very simple representation of how to approach an AAR. Your organization’s culture, management hierarchy, and the nature of each data security incident will affect the way you approach security incident reviews.
Data security incident management is a key part of an organization’s efforts to maintain accurate, on-time service and data delivery. Building a data security incident management capability requires careful preparation, complete documentation, and the formation and training of IRTs. Testing incident response scenarios is just as important as testing corporate data loss recovery from potential declared disasters.
The steps in responding to an incident are detection, containment, eradication, and management. Cause and effect diagrams, used to map the course of an incident and the efforts to recover from its effects, are an important tool for identifying weak or missing controls. A cause and effect diagram, used as part of an overall AAR, leads to the creation and execution of an action plan designed to strengthen an organization’s ability to prevent significant adverse business impact.