SANS Incident Response Planning
Below is a brief summary of the process, and in the following sections we’ll go into more depth about each step: Preparation—review and codify an organizational security policy, perform a risk assessment, identify sensitive assets, define which are critical security incidents the team should focus on, and build a Computer Security Incident Response Team (CSIRT).…