Last Updated: 2009-09-02 19:39:58 UTC
by Chris Carboni (Version: 1)
I had an interesting conversation the other day with a good friend regarding the merits of having specific incident response plans for common types of incidents. My argument was (is) that by having plans for specific types of incidents thought out in advance and pre-planned (mail server DoS for example) you can recover from the incident much faster and lessen the impact of the incident. His counter argument was that writing all those plans and getting them approved is too much work to justify the small amount of time he says would be saved in recovery. After all, you know what you're going to do, right?
What do you think? Is it a small amount of time? Does it depend on the size of the organization? The value of the asset? What criteria do you use to determine what specific scenarios you have written plans for?
Christopher Carboni - Handler On Duty