
Digital Forensics and Incident Response

With the IR charter written and the CSIRT formed, the next step is to craft an IR plan. An IR plan is a high-level document that outlines the structure of an organization’s response capability and serves as the foundation of the CSIRT. The major components of an IR plan are set out here:
Not all incidents are equal in their severity and threat to the organization. For example, a virus that infects several computers in a support area of the organization will dictate a different level of response than an active compromise of a critical server. Treating every incident the same will quickly burn out a CSIRT, as its members will have to respond in the same way to even minor incidents.
As a result, it is important to define an incident classification schema within the IR plan. By classifying incidents and gauging the response accordingly, organizations make better use of the CSIRT and ensure that its members are not all engaged in minor issues. Here is a sample classification schema: