The table below depicts two dimensions of the response team’s scope of responsibility: incident categories represent the breadth of responsibility and incident types represent the granularity or depth of responsibility.
Incident Categories | Incident Types |
---|---|
Compromised Asset | |
External Internet | |
Malware | |
Equipment Loss | |
Internal / Personnel | |
Information Security Services | |
In addition to describing the response plan’s scope, categories group incidents that have common characteristics and possibly shared actions. Employee incidents often require action from human resources. External incidents may require support from the Internet Service Provider (ISP) or a Managed Security Service Provider (MSSP).
The incident response plan may complement or extend an organization’s business continuity/disaster recovery plan, because some incidents threaten business continuity. The organization must determine how that relationship fits within the scope of the response plan.
Defining the response plan scope in terms of incident categories and types helps identify holes in the plan, that is, incidents it omits.