Incident Response Plans for State Government: A Preliminary Content Analysis
MetadataShow full metadata
Purpose: With cyberattacks on the rise state government need to be prepared for cyber incidents. Therefore, the purpose of this preliminary research is to first identify key elements of a cyber incident response plan using the literature; second, assess available state cyber incident response plans using the key elements and lastly, make recommendations to improve state incident response plans using the results of the assessment.
Methodology: Incident response plans were broken down into three major categories derived from the literature: incident response team structure, handling an incident, and coordination and information sharing. A content analysis was completed to compare the National Institute of Standards and Technology’s (NIST) framework to the state incident response plans.
Findings: The finding showed that there was significant involvement from the states' governors; that the state plans were generic but had a diversity of names. The incident response plan was broken down into three major categories which were incident response team structure, handling an incident and coordination and information sharing. The first category incident response team structure six states had a minimal discussion, and two had no reference to "Chief Information Officer." The second category handling an incident eight of the ten states were rated as "well done" or "adequate" for "Preparation, "Detection and Analysis" and "Containment Eradication and Recovery." Lastly, coordination and information sharing nine of the ten states were rated as "well done" or "adequate."
With limited manpower, it is imperative that IT teams be highly proficient in their duties. The governors have given these agencies the freedom to tailor policies, plans, and team models according to their manpower. Most plans cited the NIST framework and tailor it to their own organizations. Overall the state of Texas had the best incident response plan; however, there is much work needed to be done to strengthen state incident response plans.