Incident response policy
Every enterprise needs to establish a plan of action to assess and then recover from unauthorized access to its network. This policy from TechRepublic Premium provides a foundation from which to start building your specific procedures.
From the policy:
ASSIGN AN INCIDENT RESPONSE TEAM
An incident response team should be put together and a list created with names, contact information and specific responsibilities including:
- Incident handler: The security contact and any alternate contact(s) who have system admin credentials, technical knowledge of the system and knowledge of the location of the incident response plan.
- Resource manager: A local authority/decision maker for the system who understands the business impact of the system and its unavailability.
- Incident manager: Someone who will coordinate incident response and activities related thereto, manage involved staff and conduct a post-mortem review after the incident has been resolved to determine root cause and prevent recurrence.