Week 4 Post – Incident Response Plans

All federal agencies are required by law to have detailed Incident Response Plans (IRP). The National Institute of Standards & Technology (NIST) has a thorough guide to Contingency planning and developing an IRP that even the home user or small organization could find some value in.

NIST has Special Publication 800-34, Rev. 1, Contingency Planning Guide for Federal Information Systems, that provides these seven fundamental steps:

1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.

2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business processes. A template for developing the BIA is provided to assist the user.

3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.

4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.

5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.

6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.

7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.
This guide presents three sample formats for developing an information system contingency
Source: NIST SP 800-34, Rev. 1. 2010

I realize that most small organizations do not have an Incident Response Plan (IRP). What do these organizations do when they encounter the inevitable “incident”? Anyone who has worked in an IT support capacity servicing small organizations has seen the hard drive failures, virus infections, lack of good backups, and even accidental data corruption or deletion by users.

A simple, actionable plan doesn’t need to be complicated, and it is something every organization should consider.


National Institute of Standards and Technology (2010). SP 800-34, Rev.1. Contingency Planning Guide for Federal Information Systems. Gaithersburg, MD