Elements and Performance Criteria
- Plan incident response plans
- Identify and gather information on organisational environment, procedures and processes and cyber security threats
- Discuss and confirm ideas and plans with management and gain approval in developing response plans
- Establish response committee and roles and responsibilities of each individual according to organisational procedures
- Identify required services and assets in developing test plans
- Develop and confirm incident response plans
- Establish and confirm recovery time objective (RTO) and recovery point objective (RPO) in disaster recovery according to organisational requirements
- Discuss and establish test scenarios
- Establish and confirm test frequency according to organisational requirements
- Develop test baselines and metrics according to organisational procedures
- Confirm and document draft test plans with required personnel and respond to feedback accordingly
- Test cyber security incident response plan according to testing procedures
- Identify, address and report errors noted in testing phase, within scope of own role
- Finalise incident response plans