Johna Till Johnson
November 20, 2017
cybersecurity, information security, Incident response plan, IRP, DN6438, incident response policy
Every organization needs a cybersecurity Incident Response Policy (IRP). But understanding what goes into one—even with the assistance of a framework such as that from the National Institute of Standards and Technology—can be a challenge. The best approach is to break down the IRP into discrete components and focus on the requirements of each.
Table of Contents
- The Issue
- What is an Incident Response Policy?
- Defining an Incident
- Policy, Plan, or Procedure?
- Critical Components of the IRP
- Internal Communications
- External Communications
- Detection, Analysis, Containment, and Remediation
- Auditable Logging and Chain of Evidence
- Risk-based Prioritization
- The Post Mortem
- Useful Appendices
- War-gaming and IRP Review
- Conclusion and Recommendations