The Relationship Between Incident Response and Risk Management

The relationship between Risk Management and Incident Response is an essential partnership between the technical and business aspects of an organization. In the past twenty years we’ve relied on technology to make businesses more efficient, but only the past decade or so has shown that protecting informational assets is equally important and must be incorporated into a business’s technology operations.

How they work together is the foundation of the relationship, as both are required for efficient and successful operation. Risk Management is a series of guidelines, based on research and historical events, meant to mitigate total compromise within an organization. It might not completely solve the problem; however, it should allow a trained team, such as the IT staff, to contain the threat or problem.

An effective Risk Management plan should also provide rules to prevent an incident from happening, so that the Incident Response team doesn’t have to actively pursue a threat. It should also provide best practices for non-technical staff to employ when accessing any organizational assets. When an active threat exists, that typically means the Risk Management guidelines were ineffective or certain guidelines were not properly followed.

When a network or some other asset is breached, that’s when the Incident Response team has to eliminate the threat. When the threat is finally eliminated or contained, the response is typically recorded in a “lessons learned” document and incorporated into a revision of the Risk Management guidelines and controls. This is one of the most prominent examples of the relationship between Risk Management and Incident Response.

Incident Response is the execution of a plan using techniques from the Risk Management guidelines. It also involves actively solving a problem, such as a network breach, by employing techniques to contain or eliminate the attacker along with any traces of malicious software which the attacker may have left behind. The relationship between Incident Response and Risk Management is asynchronous, so that when a risk is found, it can be dealt with properly, and when an incident occurs, it can be incorporated into the controls for the particular risk’s guidelines.

Without this relationship, the damage threshold would be much higher and would cause greater financial loss. When the Risk Management guidelines or controls are built correctly, the Incident Response process is much more effective and should always work to bring the organization back to normal operations. Businesses exist to make a profit, and that is why Risk Management and Incident Response go hand-in-hand. They profit off each other and continually grow as threats and technology evolve.

In summary, the relationship between Risk Management and Incident Response exists so that a framework for protecting an organization can be developed to passively and actively eliminate threats. To achieve that protection, the two must go hand-in-hand.