IR-8: Incident Response Plan

Statement

• a.

  Develop an incident response plan that:

  • 1.

    Provides the organization with a roadmap for implementing its incident response capability;

  • 2.

    Describes the structure and organization of the incident response capability;

  • 3.

    Provides a high-level approach for how the incident response capability fits into the overall organization;

  • 4.

    Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;

  • 5.

    Defines reportable incidents;

  • 6.

    Provides metrics for measuring the incident response capability within the organization;

  • 7.

    Defines the resources and management support needed to effectively maintain and mature an incident response capability;

  • 8.

    Addresses the sharing of incident information;

  • 9.

    Is reviewed and approved by personnel or roles frequency ; and

  • 10.

    Explicitly designates responsibility for incident response to entities, personnel, or roles .

• b.

  Distribute copies of the incident response plan to incident response personnel ;

• c.

  Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

• d.

  Communicate incident response plan changes to organization-defined incident response personnel (identified by name and/or by role) and organizational elements ; and

• e.

  Protect the incident response plan from unauthorized disclosure and modification.