This definition may not explain how to get there, but it tells you where you want to go. It describes what an effective incident response plan contains.
An Incident Response Plan:
- is an implementation road map;
- describes the team structure and organization;
- is reviewed and approved at the right level;
- provides organizational context;
- defines reportable incidents;
- identifies key metrics; and
- defines needed resources and management support.
This makes a good list of New Year’s resolutions for improving an incident response plan and program.
Many readers may recognize this description. It paraphrases the Incident Response Plan security control (IR-8) in the NIST Publication SP 800-53. For more information on SP 800-53, refer to "What Does NIST Say about Incident Response?", March 2013.
Let us help you with a response plan review that moves forward on these valuable measures.