incident response plan
-
Can anyone recommend a short incident response plan template? I have a client that is required to have one, and I'm looking for a template is appropriate for a real small firm.
-
@mike-davis said in incident response plan:
Can anyone recommend a short incident response plan template? I have a client that is required to have one, and I'm looking for a template is appropriate for a real small firm.
Security or Disaster Recovery?
-
Looks like both from their description:
INCIDENT RESPONSE AND MANAGEMENT
Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g.,plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems. -
@mike-davis said in incident response plan:
Looks like both from their description:
INCIDENT RESPONSE AND MANAGEMENT
Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g.,plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.Gotcha, let me look at the ones I wrote for Government agencies.
-
I based it off SANS and NIST
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
https://csrc.nist.gov/csrc/media/publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft.pdf -
Thanks. SANS was the first place I went, but when I looked at that I was like this is crazy for a business that doesn't have any internet facing servers. Only because of other requirements are they even adding a server, but everything is inside their firewall. Their plan on the security side is to call me. Same for the DR side... Maybe for the audit I should just have them attach my business card as "the plan."
-
-
@mike-davis said in incident response plan:
Thanks. SANS was the first place I went, but when I looked at that I was like this is crazy for a business that doesn't have any internet facing servers. Only because of other requirements are they even adding a server, but everything is inside their firewall. Their plan on the security side is to call me. Same for the DR side... Maybe for the audit I should just have them attach my business card as "the plan."
"The Plan"... Sounds like the name of a Mafia Hitman.
-
@dafyre said in incident response plan:
@mike-davis said in incident response plan:
Thanks. SANS was the first place I went, but when I looked at that I was like this is crazy for a business that doesn't have any internet facing servers. Only because of other requirements are they even adding a server, but everything is inside their firewall. Their plan on the security side is to call me. Same for the DR side... Maybe for the audit I should just have them attach my business card as "the plan."
"The Plan"... Sounds like the name of a Mafia Hitman.
i can totally see anyone around here piping up with "I AM the plan!"
-
