The cyber incident response plan: The power is in the process

Éloïse Gratton June 1, 2022

Every cyber expert, regulator and standards body will say you should have a cyber incident response plan. What these authorities don’t tell you is that not all plans are created equal. Without the proper process, most aren’t worth much.

Too many organizations approach preparing incident response plans focusing on the deliverable. They want a cyber incident playbook they can dust off and rely on in the heat of crises.

An incident response plan is better conceived of as a vehicle for issue identification, problem solving, collaboration and continuous learning. The true value of an incident response plan comes from the act of preparation itself, if – and only if – you prepare it the right way.

Read the article authored by my partners Dan Michaluk and Eric Charleston on this topic.

This content has been updated on June 3, 2022 at 21 h 29 min.

Éloïse Gratton

Privacy & Data Protection Law

The cyber incident response plan: The power is in the process

Data governance and privacy risks in Canada: A checklist for boards and c-suite

An Update on New Québec Confidentiality Incidents and Record-Keeping Requirements

The inside scoop on how to become a privacy lawyer: 10 tips from the top

Preparing for the Privacy Reform in Canada

Getting Ready for Québec’s New Privacy Law in 2023 (Part 1): Using what we know so far

Getting Ready for Quebec’s New Privacy Law in 2023 (Part 2): Navigating uncertainty in the Law

Une fugitive recherchée depuis 30 ans, capturée à Berlin grâce à la reconnaissance faciale

CBC Windsor Morning Radio Show

La Cour suprême vient compliquer les cyberenquêtes

Une fugitive capturée à Berlin grâce à la reconnaissance faciale

Aide-mémoire en matière de protection de la vie privée et de sécurité des renseignements personnels

Lucky 7 data privacy and security cheat sheet