Chapter 29 Incident Evaluation

how well did the response plan work, what failed.
how can it be improved
business impact analysis $

Processes of plan:
--evoked soon?
--followed closely?
--where was it good, where bad?
--what was not in the plan?

--appropriate people identified?
--up-to-date contact list?
--available & familiar with plan?
--right number?

--contacts made?
--secured comm used?

--expertise to use them?

Process improvement:
Determine resources required to improve response plan:

Prioritize based on:
--ROI usually primary concern
--most visibility
--management's biggest concerns
--quickest to implement
--least expensive

Develop a plan to implement the changes

Gain management commitment

Allocate resources

Implement changes