BLUF: This document contains the guidelines for Incident Response for our organization, Aquatic Activity Inc.
Incident Identification
The type of attack must have a specific classification (ransomware, malware, etc.). Each incident will be labeled based on severity criteria (Low, Medium, High, Critical). This will prevent delays in response and give the response team better information.
Roles and Responsibilities
The Response Team will have a hierarchical structure to streamline decision making. Escalation pathways will be posted throughout the building. Contact lists for internal and external authorities must be available as well.
Containment and Eradication
All threats must be immediately isolated and disabled. Guidelines will be set forth for evidence preservation, system restoration, validation testing, and recovery. Following them avoids violating insurance guidelines and destroying forensic evidence.
Communication
Guidelines for internal communication are defined within the policy. Timelines for executive briefing are listed. Regulatory compliance is considered within requirements for customer notification and public relations.
Conclusion
With a proper leadership and communication structure, incident response can be streamlined to avoid delay. Proper communication and recovery methods must be adhered to so that greater damage is avoided.