Johna Till Johnson
November 20, 2017
cybersecurity, information security, Incident response plan, IRP, DN6438, incident response policy
Every organization needs a cybersecurity Incident Response Policy (IRP). But understanding what goes into one—even with the assistance of a framework such as that from the National Institute of Standards and Technology—can be a challenge. The best approach is to break down the IRP into discrete components and focus on the requirements of each.
Table of Contents
- The Issue
- What is an Incident Response Policy?
- Defining an Incident
- Policy, Plan, or Procedure?
- Critical Components of the IRP
- Internal Communications
- External Communications
- Detection, Analysis, Containment, and Remediation
- Auditable Logging and Chain of Evidence
- Risk-based Prioritization
- The Post Mortem
- Useful Appendices
- War-gaming and IRP Review
- Conclusion and Recommendations