Chapter 23: Incident Response, Disaster Recovery and Continuity of Operations (Business Continuity)
Incident Response Plan
Documented incident types
Roles and responsibilities
Reporting
Escalation
Cyber-incident response teams
Incident Response Process
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned (Postmortem)
The SY0-601 revision of the Security+ certification adds knowledge of SOAR (Security Orchestration, Automation, and Response), particularly the concepts of Runbooks and Playbooks. See this discussion:
https://enterprisersproject.com/article/2020/10/what-is-soar-security-orchestration-automation-and-response
And this article covers some of the differences between runbooks and playbooks:
How to Create Runbooks: A Small Business Guide
https://www.fool.com/the-blueprint/runbook/
Disaster Recovery (when the meteor wipes your business off the Earth)
Recovery Sites
Hot
Warm
Cold
Order of Restoration
Backups
Copy
Full
Differential
Incremental
Geographic Considerations
Off-site backup requirements
Distance
Location
Legal
Data Sovereignty
Business Continuity
Tabletop exercises
After-action reports
Failover
Alternative processing sites
Alternative business practices