Description should include
- identification of incident symptoms
- classification of incidents
- incident response plan
- incident types/category definitions
- roles and responsibilities
- reporting requirements/escalation, both internal and external (e.g., OSHA, U.S. Environmental Protection Agency [EPA], U.S. Food and Drug Administration [FDA], product recall requirements)
- cyber-incident response teams
- exercise/drill/simulation
- incident response process
  - preparation (e.g., risk analysis)
  - detection and analysis
  - containment
  - eradication
  - recovery
  - lessons learned.
Process/Skill Questions:
- What is the difference between an incident response plan and an incident response process?
- Why is it important to have incident response exercises?