Incident Response

Every financial institution should develop an incident response policy that is properly integrated into the business continuity planning process. A security incident represents the attempted or successful unauthorized access, use, modification, or destruction of information systems or customer data. If unauthorized access occurs, the financial institution's computer systems could potentially fail and confidential information could be compromised. In the event of a security incident, management must decide how to properly protect information systems and confidential data while also maintaining business continuity. Management's ultimate goal should be to minimize damage to the institution and its customers through containment of the incident and proper restoration of information systems. A key element of incident response involves assigning responsibility for evaluating, responding, and managing security incidents and developing guidelines for employees to follow regarding escalation and reporting procedures. Management should determine who will be responsible for declaring an incident and restoring affected computer systems once the incident is resolved. Individuals who are assigned this responsibility should have the expertise and training necessary to quickly respond in an appropriate manner. Financial institutions should assess the adequacy of their preparation by testing incident response guidelines to ensure that the procedures correspond with business continuity strategies.

 

Previous Section
Crisis Management
Next Section
Remote Access