Review existing customer capabilities, reporting systems, alerting systems, team structure, reporting structure
Write Incident Response Policy (NIST IR)
Write IR procedure
Write IR plan
- Includes establishing IR team with duties based on existing teams
- Indicates external reporting requirements based on framework
Write IR testing procedures with testing frequency
Generate IR test plan based on frequency within service period
- Customer executes test
Review test results
- Draft lessons learned
- Draft IR plan modifications based on test results

Incident Response