Describe appropriate incident response procedures.

Description should include the following:

  • Incident symptoms, classification of incidents
  • Incident response plan
    • Documented incident types/category definitions
    • Roles and responsibilities
    • Reporting requirements/escalation, both internal and external (e.g., Occupational Safety and Health Administration [OSHA], Environmental Protection Agency [EPA], Food and Drug Administration [FDA], product recall requirements)
    • Cyber-incident response teams
    • Exercise/drill/simulation

  • Incident response process
    • Preparation
    • Detection and analysis
    • Containment
    • Eradication
    • Recovery
    • Lessons learned

Process/Skill Questions:

  • What is the difference between an incident response plan and an incident response process?
  • Why is it important to have incident response exercises?