Our Reports

Crafting a Cybersecurity Incident Response Policy: Doing it Right

Author: Johna Till Johnson, CEO & Founder

Every organization needs a cybersecurity Incident Response Policy (IRP). But understanding what goes into one—even with the assistance of a framework such as that from the National Institute of Standards and Technology—can be a challenge. The best approach is to break down the IRP into discrete components and focus on the requirements of each.

Table of Contents
  • The Issue
  • What is an Incident Response Policy?
    • Defining an Incident
    • Policy, Plan, or Procedure?
  • Critical Components of the IRP
    • Internal Communications
    • External Communications
    • Detection, Analysis, Containment, and Remediation
    • Auditable Logging and Chain of Evidence
    • Risk-based Prioritization
    • The Post Mortem
    • Useful Appendices
  • War-gaming and IRP Review
  • Conclusion and Recommendations

You are currently viewing a preview of this content. Nemertes Clients, please log in for full access to all research content. If you are not a client, please click below to purchase access to this research report. We also invite you to become a client.


Purchase Access