Incident Response Policy Template
An excellent template for an Incident Response Policy can be found in RFC 2350 here. While this is a template for a computer security incident response team (CSIRT), it has a lot of the same structure you would need for an Incident Response Policy.
It even has a filled out example of the template. Here’s an excerpt:
5.1.2 Incident Coordination
- Determining the initial cause of the incident (vulnerability exploited).
- Facilitating contact with other sites which may be involved.
- Facilitating contact with XYZ University Security and/or appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.
5.1.3 Incident Resolution
- Removing the vulnerability.
- Securing the system from the effects of the incident.
- Evaluating whether certain actions are likely to reap results in proportion to their cost and risk, in particular those actions aimed at an eventual prosecution or disciplinary action: collection of evidence after the fact, observation of an incident in progress, setting traps for intruders, etc.
- Collecting evidence where criminal prosecution, or University disciplinary action, is contemplated.
In addition, XYZ-CERT will collect statistics concerning incidents which occur within or involve the XYZ University community, and will notify the community as necessary to assist it in protecting against known attacks.
Check it out!
Assessing the cash flow is one more essential element within the company strategy format, so as to sustain a normal cash flow to meet the essential capital needs. Probability of monetary crisis and also the methods of crisis management must be pointed out in the structure. The business strategy should consist from the marketing plans and strategy leading towards the expansion in the organization.
http://mx518.info/mx518-gaming-optical-mouse/