Incident Response Plan

Incident Response Process

  1. Preparation: Prepare the appropriate people to respond
  2. Identification: Determine whether an event is a security incident
  3. Containment: Limit the damage of the incident and isolate impacted systems
  4. Eradication: Find the cause and remove any systems that may be causing harm
  5. Recovery: Return to normal operation
  6. Lessons learned: Document everything and analyze to learn and improve

Incident Response Plan Contents

  1. Documented incident definitions
  2. Incident response teams
  3. Reporting requirements / escalation
  4. Retention policy
  5. Stakeholder management
  6. Communications plan