Organizations need an incident response process that is well-documented, efficient and effective. An incident response procedure details the actions that will be taken if a security incident occurs. The primary objectives of this process are to establish a command and control center, develop a plan to rapidly mitigate exposures, and efficiently enact all response activities. All of these efforts are designed to eliminate network and system exposures and to restore normal operations as quickly as possible.
This tool contains two sample policies that can be used by auditors to develop a consistent process for responding to and recovering from security incidents.