ORNA

Not The Last, But A Good Incident Management Checklist To Start With

You’ll be surprised to learn what we found to be the most important things to incorporate into your Incident Management Checklist after getting into the minds of some of the industry’s leading professionals.


When the experts spoke, we listened! Join us as we delve into the latest tips from the most qualified authorities in the business who stressed keeping the process as simple and streamlined as possible while covering a broad range of issues.


It’s also of the utmost importance to ensure that no stone is left unturned so your skilled cross-trained team members can efficiently pinpoint and remediate problems within the scope of their expertise and predefined obligations.



What You Will Need to Get Started


All incident management begins by ensuring you have what you need to get started, such as:

  1. A reliable network connection: Without this, you’re going nowhere. It’s paramount that your team’s network of add-ons, APIs, customizations, integrations, and workflows is reliable and adaptable to scale with you.

  2. An adequate headset will help keep your mind focused and your hands free to efficiently correspond with others while making progress toward solving the issue.

  3. Directions to locate playbooks to provide guidance during situations.

  4. A unified dashboard that expeditiously shows everything related to the incident, including a regularly maintained, minimalistic library of runbooks, noteworthy scripts, and workflows that address some of the most common issues.

  5. Automating as much of the incident management solution as possible increases efficiency and compliance with regulations, generates reports about the incident handling aspects, and enhances visibility across departments. Authentication aids.

  6. Links to the logs of the incident to help identify and categorize the incident. Incidents are identified using several methods such as manual identification, solution analyses, and user reports. Once an incident is identified and logged, categorization can begin to determine how it should be handled and prioritize response resources.


Be Prepared for an Emergency Situation


If you’ve ever experienced an emergency, you know that time is of the essence. The performance of your team depends on each member meeting the expectation of being a master of their predefined responsibilities.


Having a checklist that outlines everyone’s obligations ensures that there isn’t any confusion. It has been said that a “less is more” approach is best when it comes to building your team and selecting tools.


A few well-cross-trained people utilizing a broad-spectrum platform to its fullest capabilities are superior to a large team that has highly specialized skillsets with many niche tools.


When non-IT staff are properly trained and know how to identify and report incidents, the IT team responds more quickly and does not need to spend excessive time interpreting reports.


It’s suggested to include contact information for at least one on-call representative of each of the following areas:

  1. Specialist(s) for each incident

  2. Communication leads for internal and external messaging channels such as Microsoft Teams, Slack, ChatOps, etc. Expeditious and dependable alerts that make the appropriate people aware of an incident are crucial. Selectively plan how alerts are categorized and who the recipients are. Alert overload is important to avoid; otherwise, actual incident alerts are likely to be overlooked.

  3. Stakeholder(s) with authority to execute decisions to establish a timely and effective outcome.

As the point of contact for coordinating with clients, stakeholders, and other teams, managing your various levels of incident teams, generating reports, setting up processes in accordance with business requirements, and maintaining Key Performance Indicators, you cannot afford to miss a step. It is imperative that records are maintained for:

  1. All communication of the incident’s status must be documented, and the customer kept abreast of the situation. An informed customer builds trust and expedites response efforts.

  2. Failover questions should be entered at specified times.

  3. Correspondence with experts and stakeholders as needed within the outline.

  4. Post-extenuation synopsis of the event.

  5. Schedule a postmortem to analyze the incident for what works and what didn’t work to avoid similar occurrences in the future.


Obstacles to Look Out For


Some of the top obstacles in Incident Management are said to include the ever-increasing sheer volume of risk, changing privacy requirements, insider threats, limited budgets, and, believe it or not, the deficiency of a company’s own data required to effectively monitor for incident management!


The pros say that what will make your overall Incident Management stand out from the crowd is identifying and documenting the specifics of what happened and what was needed while handling the reported incident, which helps identify root causes and more:

  1. The incident’s date & timestamp(s)

  2. Names of the first responder(s)

  3. Name(s) of the systems affected

  4. The security level of the incident

  5. The radius of the incident

  6. The incident’s expected resolution date and time

  7. Plans for the rollout of communications

  8. Was the incident repetitive? (If yes, refer to previous incidents)

  9. Group potential multiple incident reports, if present

  10. Deployment issues and On-code

  11. Playbooks that can revert systems

  12. Screenshot of logging systems, relevant monitoring, and system’s health

  13. Timeline of events from discovery to resolution.

  14. Applicable postmortem information. If a postmortem meeting is planned, crisis document and attach items to take preventative measures in the future.

  15. Update the service track record with the attached incident and reset the “days without incident” count to zero.

  16. Update the stakeholders per the rollout plan for communications.

Regardless of a company’s industry or size, incident management is necessary. For your business to efficiently handle unexpected incidents or interruptions and to restore integral business operations, it’s best to practice your incident response plan by simulating actual crises. Incident response plans are ever-evolving and should be revised regularly to remain up to date, because the technological landscape we work in is ever-evolving too.



An article by Jesse McGraw


Contributor Shana Wakenshaw, Journey's Footpath Edited by Anne Caminer
