Incident Response Policy (IRP)

I have, pretty much, read two books on Security+ and I have noticed a slight difference in opionion over the IRP. The one in the Sybex book notes that the IRP is:

- Identify;
- Investigate,
- Repair;
- Record (Report) the Response; and
- Adjust Procedure (Policy).

Is this consistent with the IRP's any of you have studied?

Find more posts tagged with

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

Vogon Poet

The actions you list would be topics that need to be addressed in an IRP.
I would say that they outline steps to take in an Incident Response.
As far as the policy is concerned, it would flesh out the necessary actions and identify who would carry them out, much like a DRP.
The only adjustment that I would make on your outline is to ensure that everything is documented and not just the Response.

matradley

Vogon Poet wrote:

The actions you list would be topics that need to be addressed in an IRP.
I would say that they outline steps to take in an Incident Response.
As far as the policy is concerned, it would flesh out the necessary actions and identify who would carry them out, much like a DRP.
The only adjustment that I would make on your outline is to ensure that everything is documented and not just the Response.

Thanks!