“Quick,” “responsive” and “effective” are just three of the operative words that spring to mind when it comes to an organization’s cybersecurity readiness plan. But with a lack of professionals in place to protect and test an organization’s network, how can any business really know if their cybersecurity plan is enough?

Answering questions like the one above and more was the focus of our most recent #CiscoChat, “Incident Response in a Complex Threat Environment.” Joined by Cisco panelists Harlan Parrot, Dmitry Kuchynski Patrick Thomas and Cisco Champion Jake Gillen, #CiscoChat participants discussed incident response plans, gaps in security strategies and much more.

If you missed the chat, we’ve highlighted a few of our participants’ first-rate responses. You can also view actual Twitter responses submitted during this #CiscoChat.

1. What are the main components of an incident response plan?

Even the most elaborate incident response plan is built on standard frameworks of cybersecurity. 

Having a plan in place is the critical first step. Though it seems an obvious concept, less than 50% of respondents to a Cisco survey shared that they use standard tools such as patching and configuration to prevent security breaches.

@CiscoSecurity One of the first components is having an simple integrated plan to start with and regularly testing. #ciscochat

— Dmitry Kuchynski (@d_kuchynski) April 21, 2015

with defined incident types structure, team escalations, focused on specific threats to your environment. #ciscochat

— Dmitry Kuchynski (@d_kuchynski) April 21, 2015

Realizing that there are phases to an incident can assist in shaping a response plan.

Important to understand the phases that an incident goes through, and plan to respond accordingly in each phase. #ciscochat

— Harlan Parrott (@harlan_parrott) April 21, 2015

2. How can organizations assess their readiness to respond to security incidents?

Once a response plan is in place, testing its ability to protect a network is the only way to truly guard from cyber-attacks. And our #CiscoChat participants responded to this question with several ideas, starting with the basics.

@RasheshJethi @CiscoSecurity A good start. Knowing what normal looks like and what an incident looks like for your org. #CiscoChat

— Jacob (Jake) Gillen (@jakegillen) April 21, 2015

Having a rapid response team in place is essential was presented as a solution as well, as was garnering support from internal teams outside of IT.

@jakegillen @CiscoSecurity #ciscochat you can't prepare for the unknown but designating a response team in the org is key

— Mike Van Meerten (@cmbtrok) April 21, 2015

#CiscoChat accept that an incident response plan crosses org. boundaries - tech - business

— stefan avgoustakis (@savgoust) April 21, 2015

Best bet? Don’t wait until an incident occurs to assess your organization’s response!

Lots of people on #CiscoChat clearly been burned by org having no plan. Get your hands on that dusty plan and try it out: it'll break.

— Patrick Thomas (@coffeetocode) April 21, 2015

3. What common gaps do you see in incident management today?

Talk about a timely question! In a previous blog, we noted that there are multiple studies that show an ever-widening gap in perceptions on security capabilities. Many of our #CiscoChat participants were network security experts and were quick to respond to this particular question.

@coffeetocode lack of access to app design documentation, slow flux but working with a development team already under stress #CiscoChat

— Mark Flynn (@mjfly1) April 21, 2015

Incident Response Shelfware - write only document produced by consultants that is never reviewed until the incident arrives. #ciscochat

— Harlan Parrott (@harlan_parrott) April 21, 2015

Answers even came in from the floor at the RSA Conference, which is solely focused on empowering organizations to stay ahead of cyber threats.

Also, using the right tools for fighting the fires..wise words from @enhancedx @CiscoSecurity #ciscochat #RSAC2015 pic.twitter.com/ajIWzvxjWl

— rashesh jethi (@RasheshJethi) April 21, 2015

This is just a sampling of the questions, conversation, solutions and insights shared during this particular #CiscoChat. Take a look at the recap, share your own answers to the questions we posed and join our next discussion using hashtag #CiscoChat. For more information on Cisco Security Services, check out our page here.