Propose incident response procedures.
Proposal should include the following:
- Incident symptoms
- Classification of incidents
- Incident response plan:
  - Documented incident types/category definitions
  - Roles and responsibilities
  - Reporting requirements, both internal and external (e.g., Occupational Safety and Health Administration [OSHA], Environmental Protection Agency [EPA], Food and Drug Administration [FDA], product recall requirements)
  - Cyber-incident response teams
  - Exercise/drill/simulation
- Incident response process:
  - Preparation
  - Detection and analysis
  - Containment
  - Eradication
  - Recovery
  - Lessons learned
Process/Skill Questions:
- What is the difference between an incident response plan and an incident response process?
- Why is it important to have incident response exercises?