CUNA News
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Jobs
  • Contact

News

Home » 5 steps to developing an incident response plan
Technology Operations

5 steps to developing an incident response plan

Involve all areas of the credit union in the planning process.

September 11, 2019
Bill Merrick
No Comments
5 steps to developing an incident response plan
Jesse Davis (standing), IT governance and risk program manager for American Airlines Federal Credit Union, walks attendees through a data breach exercise.

Data breaches aren’t a matter of “if,” they’re a matter of “when,” according to two information security experts.

“You have to accept the fact that you’ll be breached,” says Marty Hetzel, manager of cybersecurity at BCU in Vernon Hills, Ill. “The question is, will you be ready?”

“If big companies like Capital One are being breached, more than likely it will happen to us,” adds Jesse Davis, IT governance and risk program manager for American Airlines Federal Credit Union in Fort Worth, Texas. “We have to know how to respond.”

Key to preparation is having an effective incident response plan, they say, which entails:

1. Involving all areas of the credit union and all aspects of your business in the plan. “If you involve only the IT people, they’ll do the IT portion,” Hetzel says. “But you need to ensure everyone is part of the planning process.”

2. Basing your plan on NIST (National Institute of Standards and Technology) protocol.

3. Customizing your plan for your particular credit union.

4. Updating your plan regularly. “Update it with lessons learned after an incident to make it better,” Hetzel says. “The landscape, threats, and technology are evolving.”

“Ten years ago, we weren’t thinking about the cloud,” Davis says. “Now we need to think about cloud response.”

5. Testing and practicing your plan regularly to drive improvements. “Testing once a year isn’t enough,” Hetzel says.

Ultimately, incident response plans must be strategic, consistent, efficient, documented, confidential, and empowered.

“Empower your groups and teams,” Davis says. “Train your people and get the right people involved.”

“Seventy-seven percent of organizations do not have a formal incident response program,” Hetzel adds. “That’s alarming.”

Hetzel and Davis addressed the CUNA Technology Council’s 6th Annual Security Summit.

►Click here for more conference coverage from CUNA News, and get live updates on Twitter via @cumagazine, @CUNA_News, @CUNACouncils, and by using the #TechCouncil and #OMECouncil hashtags. Learn more about the CUNA Councils, a member-led professional society for credit union executives, at cunacouncils.org.

KEYWORDS CUNA Technology Council cybersecurity data breach

Post a comment to this article

Report Abusive Comment

Credit Union Magazine: Winter 2022

Winter 2022

Credit Union Magazine’s Winter 2022 issue highlights data-driven marketing, the board’s role in cybersecurity, elder abuse scams, credit unions’ auto lending advantage, and more.
Digital Edition •  Subscribe

Trending

  • House passes CUNA, League-led board modernization bill

  • CFPB issues CUNA-opposed proposal on credit card late fees

  • Key committee leaders supportive of credit union priorities

Tweets by CUNA_News

Polls

Vote for the 2023 CU Hero of the Year

View Results
More

Champion for the Credit Union Movement

Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • Membership
  • Contact Us
  • Careers

Resources for

  • Credit Union Advocates
  • Leagues
  • Press
  • Providers

Our Affiliates

  • American Association of Credit Union Leagues (AACUL)
  • Credit Union Awareness
  • Credit Union House
  • CUNA Strategic Services
  • National Credit Union Foundation
GET CUNA UPDATES
© 2023 Credit Union National Association | ADA Compliance Notice & Legal
Email Us