Proposal should include:
- incident symptoms
- classification of incidents
- incident response plan
  - documented incident types/category definitions
  - roles and responsibilities, chain of command
  - communications plan (e.g., up, down, and out)
  - reporting requirements, both internal and external (e.g., OSHA, Environmental Protection Agency [EPA], Food and Drug Administration [FDA], product recall requirements)
  - cyber-incident response teams
  - exercise/drill/simulation
- incident response process
  - preparation
  - detection and analysis
  - containment
  - eradication
  - recovery
  - lessons learned.
Process/Skill Questions:
- What is the difference between an incident response plan and an incident response process?
- Why is it important to have incident response exercises?