Use Case

Technology Planning: Managed Endpoints

The 3 Phases of IT Incident Response Planning
The Process of Achieving Digital Transformation
May 26, 2020

Developing a comprehensive incident response strategy is a key component of any organization’s security program, but it requires a thoughtful approach and point-by-point plan.

Working with CDW on Improved Incident Response

PHASE 1

Preparation

Prepare for the inevitable by developing a plan to more effectively respond to an incident.

  • Secure executive buy-in.
  • Identify your organization’s most valuable assets.
  • Perform a risk assessment and address identified gaps.
  • Create a threat model to understand the types of incidents your organization is most vulnerable to and their potential impact.
  • Identify compliance and reporting requirements.
  • Properly define roles and responsibilities and establish a communication plan to be used during an incident. 
  • Develop an incident response plan, including processes and procedures.
PHASE 2

Instrumentation

Security teams need the right instrumentation to detect, contain and eradicate threats.

  • Consult an expert to identify gaps that exist within your existing security instrumentation.
  • Invest in endpoint detection and response (EDR) and next-generation anti-virus (NGAV) solutions to provide comprehensive visibility into endpoint activity critical to detecting, investigating and mitigating advanced cyberthreats. 
  • Centralize logs and leverage an event log management solution to detect and investigate unusual or suspicious activity across the enterprise environment.
  • Collect network telemetry to identify and track anomalous network traffic and baseline deviations.
  • Minimize the attack surface of your environment through comprehensive vulnerability management solutions.
PHASE 3

Maintenance

Organizations and threats constantly evolve. Conduct regular reviews of your incident response program.

  • Conduct regular reviews of your incident response plan and update it as necessary.
  • Leverage purple team and tabletop exercises to validate the efficacy of your incident response program.
  • Never let a good incident go to waste. Learn from security incidents within and outside your organization.
  • Stay abreast of the latest trends and attacker techniques and adapt your incident response program as necessary.

Next step: Call CDW to get started with Incident Response.
