topic Incident Response SOPs/Policies in Tech Talk https://community.isc2.org/t5/Tech-Talk/Incident-Response-SOPs-Policies/m-p/35604#M2671 <P>Good morning,</P><P>&nbsp;</P><P>I am in the process of reviewing/editing/consolidating my organization's set of SOPs and policy documents regarding incident response.&nbsp; These include DR-BCP, incident response framework, roles and responsibilities, etc..&nbsp; All in all, we have 7-8 documents all surrounding cyber incident response, with a lot of double dipping.&nbsp; I believe this creates confusion, not to mention version control issues.&nbsp; So I was wondering - in your organizations, how many separate documents do you have that deal with cyber incident response?&nbsp;</P> Mon, 09 Oct 2023 09:31:22 GMT N_Bakewell 2023-10-09T09:31:22Z Incident Response SOPs/Policies https://community.isc2.org/t5/Tech-Talk/Incident-Response-SOPs-Policies/m-p/35604#M2671 <P>Good morning,</P><P>&nbsp;</P><P>I am in the process of reviewing/editing/consolidating my organization's set of SOPs and policy documents regarding incident response.&nbsp; These include DR-BCP, incident response framework, roles and responsibilities, etc..&nbsp; All in all, we have 7-8 documents all surrounding cyber incident response, with a lot of double dipping.&nbsp; I believe this creates confusion, not to mention version control issues.&nbsp; So I was wondering - in your organizations, how many separate documents do you have that deal with cyber incident response?&nbsp;</P> Mon, 09 Oct 2023 09:31:22 GMT https://community.isc2.org/t5/Tech-Talk/Incident-Response-SOPs-Policies/m-p/35604#M2671 N_Bakewell 2023-10-09T09:31:22Z Re: Incident Response SOPs/Policies https://community.isc2.org/t5/Tech-Talk/Incident-Response-SOPs-Policies/m-p/35616#M2672 <P>I work with a lot of orgs and review their policies and documentation.</P><P>&nbsp;</P><P>What I typically see:</P><P>&nbsp;</P><P>A BC/DR Policy document</P><P>A CSIR Policy document</P><P>&nbsp;</P><P>A BIA document listing critical applications and their owner, RTO, RPO, etc</P><P>&nbsp;</P><P>A BC/DR plan document (larger orgs will have this as 2 separate plans), which gives the details on how these are done.</P><P>&nbsp;</P><P>A CSIR plan document.&nbsp; Some groups will have a 'run book' or 'play book' with details on how to handle different specific incidents (DDOS attack, malware, ransomware, etc)</P><P>&nbsp;</P><P>Ideally, orgs should do a run thru of their BC plan, DR plan and CSIR plan on at least an annual basis.&nbsp; I am really impressed when orgs do this more then once a year, but that seems rare.</P><P>&nbsp;</P> Wed, 13 May 2020 17:38:53 GMT https://community.isc2.org/t5/Tech-Talk/Incident-Response-SOPs-Policies/m-p/35616#M2672 emb021 2020-05-13T17:38:53Z