Governance , Incident Response

CISO Thom Langford on Key Considerations for Creating and Testing an Effective Plan Joan Goodchild • November 3, 2017     Thom Langford, CISO, Publicis Groupe

Several polls find that a majority of businesses still don't have a formal incident response plan in place. Thom Langford, CISO of Publicis Groupe, says all companies should consider two essential elements when crafting a plan: strong legal representation and a communications plan that considers both internal and external messaging.

See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'

In a video interview at ISMG's recent Fraud and Breach Prevention Summit in London, Langford also discusses:

How frequently an incident response plan should be tested; Considerations for updating a plan; How to determine whether incident response can be handled in-house.

As CISO of Publicis Groupe, a French multinational advertising and public relations company, Langford is responsible for all aspects of information security risk and compliance as well as managing the group information security program. He's also responsible for business continuity capabilities across global operations. An international public speaker and award-winning security blogger, Langford contributes to a number of industry blogs and publications. He is also the founder of Host Unknown, which produces security education and infotainment films.