During a tabletop exercise, you are reviewing the organization's incident response plan to confirm it covers everything required in the PREPARATION phase described by NIST SP 800-61. One section appears misplaced because it belongs in a business-continuity or IT-operations document instead. Which section should you recommend removing from the incident response plan?
An incident response plan should concentrate on activities that enable rapid detection, analysis, containment, eradication, and recovery. It therefore documents on-call contacts, communication templates, and technical procedures for isolating systems. A detailed backup rotation and off-site media storage schedule is normally maintained in backup or BC/DR documentation; while backups may be referenced during recovery, the day-to-day rotation schema is outside the scope of incident response preparation.