Getting More Out of Your Plans
In this chapter, I’ll discuss the value that incident response plans provide beyond mitigating certain risks. As discussed in Matthew Todd’s Chapter 2, the standard of due diligence for information security management is a moving target at best. Information security professionals must regularly perform tasks that establish due diligence in the protection of their organization. A documented plan creates an opportunity to demonstrate to management, auditors, and individuals that the organization is ...