What Incident Response does
Incident Response isn't just about reacting to an attack; it's a continuous cycle of preparation, detection, containment, eradication, recovery, and post-incident activity. A well-defined Incident Response plan, often documented in runbooks, provides a clear roadmap for IT teams to follow during an incident. These runbooks detail specific steps, roles, and responsibilities to ensure a consistent and effective response, reducing confusion and potential errors under pressure. The NIST framework provides a widely recognised structure for developing these plans.
Incident Response in Australian tenants today
The Notifiable Data Breach scheme mandates that AU mid-market organisations assess potential data breaches within 30 days and notify the OAIC and affected individuals if certain criteria are met. Failing to do so can result in significant penalties. Having a robust Incident Response (IR) plan, and potentially engaging an IR retainer, is crucial for meeting these obligations. An IR retainer provides access to specialist expertise and tools, which is particularly valuable for AU mid-market organisations that may lack the in-house capabilities to handle complex incidents effectively. APRA CPS 234 also highlights the importance of resilience and incident response capabilities for critical infrastructure entities.