Description should include:
- incident response plan
  - documented incident types/category definitions
  - roles and responsibilities
  - reporting requirements/escalation
  - cyber-incident response teams
  - exercises
- incident response process
  - preparation
  - identification
  - containment
  - eradication
  - recovery
  - lessons learned
Process/Skill Questions:
- What is the difference between an incident response plan and an incident response process?
- Why is it important to have incident response exercises?
- How does chain of custody apply to the incident response process?