Incident Response Policy (IRP)

matradleymatradley Posts: 549Member
I have, pretty much, read two books on Security+ and I have noticed a slight difference in opionion over the IRP. The one in the Sybex book notes that the IRP is:

- Identify;
- Investigate,
- Repair;
- Record (Report) the Response; and
- Adjust Procedure (Policy).

Is this consistent with the IRP's any of you have studied?
From Security+ book by Sybex:
"One of the nice things about technology is that it's always changing. One of the bad things about technology is that it's always changing."

Comments

  • Vogon PoetVogon Poet Posts: 291Member
    The actions you list would be topics that need to be addressed in an IRP.
    I would say that they outline steps to take in an Incident Response.
    As far as the policy is concerned, it would flesh out the necessary actions and identify who would carry them out, much like a DRP.
    The only adjustment that I would make on your outline is to ensure that everything is documented and not just the Response.
    No matter how paranoid you are, you're not paranoid enough.
  • matradleymatradley Posts: 549Member
    Vogon Poet wrote:
    The actions you list would be topics that need to be addressed in an IRP.
    I would say that they outline steps to take in an Incident Response.
    As far as the policy is concerned, it would flesh out the necessary actions and identify who would carry them out, much like a DRP.
    The only adjustment that I would make on your outline is to ensure that everything is documented and not just the Response.
    Thanks! :D
    From Security+ book by Sybex:
    "One of the nice things about technology is that it's always changing. One of the bad things about technology is that it's always changing."
Sign In or Register to comment.