Describe the elements that should be included in an incident response plan as stated in NIST.SP800-61 r2
Implementing Cisco Cybersecurity Operations (210-255)
NIST’s SP 800-61 was developed to help organizations formulate incident response plans. Each organization’s incident response plan will be different, but some key elements occur in most plans:
- Strategies and goals
- Senior management approval
- Organizational approach to incident response
- How the organization will communicate
- Metrics for measuring incident response capability
- Roadmap for the incident response capability
- Explanation of how the program fits with the organization
There are also key policy elements explained by NIST.SP800-61 r2:
- Management commitment
- Purpose and objectives of the policy
- Scope of the policy
- Definition of computer security incidents and related items
- Organizational structure and definition of roles
- Prioritization of severity ratings
- Performance measures
- Reporting and contact forms