An effective incident response strategy requires knowledge of the IT environment, thorough and regular testing, strong detection tools and comprehensive historical analysis. CISOs should take into consideration the following when preparing an incident response plan.

1. Identify weaknesses that cybercriminals could exploit. For example, know whether the operating systems are patched with current security updates, whether Internet of Things (IoT) devices have appropriate safeguards in place and whether the users’ identity systems are properly encrypted.

2. Test the incident response plan. A simulated attack can reveal areas of potential intrusion and help develop procedures to deal with them. CISOs should use simulation exercises to measure the effectiveness of their response plan in real time, then revise the plan and get ready for the real thing.

4. Build network analysis to operate in real time and filter false notifications. Network traffic analysis is the key to identifying intrusions, but if that analysis is delayed by days or even hours, it may be useless when it comes to stopping an attack in process.

5. Identify attack origins. History can be a great predictor of the future. This is particularly true when it comes to predicting cyber-attacks, but it’s only possible to analyze history if network traffic data is being collected and stored.