Develop and Implement a Security Incident Management Program

Don’t be reactive: respond to incidents proactively.

Security incidents are inevitable for every organization, and they can turn into costly security breaches. According to a 2013 Kaspersky Lab report, 91% of companies surveyed had at least one external security incident; 85% had at least one internal security incident (Kaspersky Lab, 2013). A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources. Poor incident response negatively affects business practices including workflow, revenue generation, and public image.

[Problem] Out-of-the-box incident classifications often offer too much coverage. They account for too many cases that are not applicable to the organization, making it difficult to sift through all the incidents to find the ones you care about.

[Solution] Develop specific incident use cases that correspond to the relevant incidents, so that the response process is identified consistently and ambiguity is eliminated when incidents are handled by different individuals at different times.

IT professionals wearing a security hat had better get used to increased pressure from the business to step up their security game, as paranoia over being breached will reach new heights. Results of incident response must be analyzed, tracked, and reviewed regularly. Otherwise, a lack of comprehensive understanding of trends and patterns regarding incidents leads to being re-victimized by the same vector. Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.

Upload: info-tech-research-group

Post on 26-Jul-2015



http://www.infotech.com/research/ss/develop-and-implement-a-security-incident-management-program