Chapter 21 Response Plan

documented. allows planning & practice

so people know what to do, their priorities, who does it with preapproved authorization to spend money or use time.

turn off compromised systems
disconnect from network

Resources available for response:
people of correct skills
tools to get info about activities
external support: security response organizations, consultants, law enforcement
implies some public awareness of incident.

Legal review of plan: so it's enforceable & defensible
consistent with other policies & procedures
best practices in the industry