Incident Response Policy (IRP)

I have, pretty much, read two books on Security+ and I have noticed a slight difference in opionion over the IRP. The one in the Sybex book notes that the IRP is:

- Identify;
- Investigate,
- Repair;
- Record (Report) the Response; and
- Adjust Procedure (Policy).

Is this consistent with the IRP's any of you have studied?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Vogon Poet

The actions you list would be topics that need to be addressed in an IRP.
I would say that they outline steps to take in an Incident Response.
As far as the policy is concerned, it would flesh out the necessary actions and identify who would carry them out, much like a DRP.
The only adjustment that I would make on your outline is to ensure that everything is documented and not just the Response.

matradley

Vogon Poet wrote:

The actions you list would be topics that need to be addressed in an IRP.
I would say that they outline steps to take in an Incident Response.
As far as the policy is concerned, it would flesh out the necessary actions and identify who would carry them out, much like a DRP.
The only adjustment that I would make on your outline is to ensure that everything is documented and not just the Response.

Thanks!