To keep its incident response capability aligned with the constantly changing threat landscape, what ongoing activity should an organization perform with its incident response plan (IRP)?
Reassign all tasks in the IRP to a single systems administrator to streamline coordination.
Place the IRP in long-term archival storage and retrieve it only after a critical breach has occurred.
Publish the IRP publicly on the organization's website so external researchers can suggest improvements.
Schedule and conduct regular tabletop or live exercises, then revise the IRP based on identified gaps.
An incident response plan is a living document. Best-practice frameworks such as NIST SP 800-61 recommend running periodic tabletop or live exercises, capturing lessons learned, and revising the plan accordingly. This continuous cycle validates procedures, updates contact lists, and incorporates new threat intelligence. Simply archiving the plan, consolidating all duties under one person, or publishing it publicly does not ensure that the plan will work when needed and may introduce additional risk.