Drafting an Incident Response Policy can seem overwhelming. At first it doesn't seem feasible that a single document can help you maintain order during a breach, and you may ask yourself whether it is even possible to prepare your team for the latest Tactics, Techniques and Procedures (TTPs) that attackers are using. It isn't possible to craft a document that addresses every possible threat individually. You can, however, write an effective policy that covers each major threat category rather than each individual attack: the response steps for a category (who is notified, what evidence is preserved, when a system is isolated) change far less often than the specific techniques that fall into it.
If you're not sure which categories to focus on, take a look at Microsoft's STRIDE model. STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege, and each category maps to a security property being violated (authentication, integrity, non-repudiation, confidentiality, availability, and authorization respectively). By organizing your policy around STRIDE (or any other threat classification), you get a document that stays relevant as attack techniques change, because new TTPs still land in one of the existing categories. This "one size fits all" approach makes your policy shorter and easier to follow, and it is much more effective than trying to enumerate specific attacks.
After you've written your policy, take the time to walk through a few scenarios against it. It is also worthwhile to bring in a third party to simulate a computer security incident on a regular basis, for example a tabletop exercise or a red team engagement. These exercises help you identify gaps in your policies and procedures before a real incident does. They will also demonstrate how a simple, category-based policy helps your company respond to even the most complicated security issues.