Planning a Response: How to Develop an Effective CIRP

What exactly is a CIRP? A CIRP (Computer Incident Response Plan) helps companies and organizations monitor their networks and plan adequate responses to deal with any suspicious activity before too much data is lost. Such incidents could result from malware, lost or stolen computers and equipment, mistakes on the part of third-party vendors, and intentional destruction of data, as well as a multitude of other ways in which a company’s systems can be compromised and its data stolen.

The best way to prevent data loss is to plan for various contingencies and how to handle them from the moment that a data breach is discovered until it is dealt with. This includes creating a Computer Emergency Response Team made up of managers, IT and security people, HR and PR directors, and any legal advisors and internal security auditors.

It is the responsibility of the Computer Emergency Response Team to decide who will do what when a security breach happens. This is accomplished through step-by-step planning among the team and the use of tabletop exercises to test those plans, adjusting them when better solutions to a problem are found. Any CIRP needs to take into account the company’s strengths and weaknesses and be built around them.

This should be done for each likely problem, one at a time. Such problems might include a website becoming compromised, threats from within the company (such as a disgruntled employee), malware, data leakage, espionage, and more. Basically, any way that a company could lose its data should be assessed, and a response decided upon for when such events do occur.

After concluding tabletop exercises, organizations should hold a debriefing and discuss areas where the team felt the exercises went well. This debriefing should also include areas where the team feels more training is needed. After determining a need for more training, managers should quickly address these security holes. Organizations should conduct Computer Emergency Response Team meetings at least annually, if not more often.
