Incident Response Plan
Incident Response Plan Articles:
What is the Incident Response Plan module?
Incident Response Plan (IRP) is a new module introduced in Totem™ release 5.0. Using the IRP module, you can develop a customized and exportable Incident Response Plan, which describes:
- Members of your incident response team and their role(s)
- Your organization's critical business capabilities and the recovery metrics (RTO, RPO, MTD, etc.) associated with those capabilities
- Records of tabletop/simulated cybersecurity incidents, including the parties involved, the scenario, a summary of the exercise, lessons learned, and root cause analysis
What are the differences among the Incident Response Plan contact types?
When creating an incident response contact, you may select from one of four roles:
- Computer Security Incident Response Team (CSIRT) Contact: Those responsible for ensuring the tactical effectiveness of the IRP. This could include members internal to the organization, such as the IT Director, as well as members external to the organization, such as a third-party Managed Security Service Provider (MSSP).
- Primary Internal Incident Response (IR) Contact: Those responsible for ensuring the strategic effectiveness of the IRP. This is typically the organization's Information Security Officer (ISO).
- Contract Officer Contact: The individual(s) within the U.S. Government responsible for issuing and terminating the contract and ensuring that the federal contract is executed in accordance with applicable laws and regulations.
- United States Government (USG) Program Manager Contact: The individual(s) within the U.S. Government responsible for managing the overall success of the program or project covered by the federal contract.