MD1 Incident response plans Flashcards
Response plans
You may remember learning that security plans consist of three basic elements: policies, standards, and procedures.
An incident response plan is a document that outlines the procedures to take in each step of incident response.
Response plans, just like response teams, are not all the same. Organizations tailor their plans to meet their unique requirements, such as their mission, size, culture, industry, and structure. For example, smaller organizations may choose to include their incident response plan in their security plan, while others may choose to have them as separate documents.
Elements of Incident plans
- Incident response procedures
Incident plans have: Incident response procedures. These are step-by-step instructions on how to respond to incidents. System information. These are things like network diagrams, data flow diagrams, logging, and asset inventory information. And other documents like contact lists, forms, and templates.
Elements of Incident plans
- System information
System information. These are things like network diagrams, data flow diagrams, logging, and asset inventory information.
Elements of Incident plans
- Other documents
Other documents like contact lists, forms, and templates.
Plans aren’t perfect, and there’s always room to adjust and improve as incidents occur. Incident processes and procedures must be regularly reviewed and tested.
This can be done through exercises like tabletops or simulations. These exercises ensure that all team members are familiar with the response plan. They also allow organizations to identify any gaps in a process to improve their incident response plan. Also, organizations may be required to complete specific types of exercises for regulatory reasons.