CMMC Practice IR.2.096
Develop and implement responses to declared incidents according to predefined procedures.
Bold Coast Security Guidance
Predefine a series of common incidents your organization my face and we suggest placing them in an appendix to your Incident Response Plan. These could be
• A coordinated phishing attack, called spear phishing
• A lost or stolen laptop, mobile device or other hardware
• A physical security breach, or an environmental alarm triggered
• A denial of service attack.
It is impossible to imagine, or plan for, every possible incident that may occur. It may, so make updating or creating new procedures part of your post-incident review (IR.2.097) to help inform future responses.
CERT RMM V1.2
Responding to an organizational incident is often dependent on proper advance planning by the organization in establishing, defining, and staffing an incident management capability.
Responding to an incident describes the actions the organization takes to prevent or contain the impact of an incident on the organization while it is occurring or shortly after it has
occurred. The range, scope, and breadth of the organizational response will vary widely depending on the nature of the incident. Incident response may be as simple as notifying users to avoid opening a specific type of email message or as complicated as having to implement service continuity plans that require relocation of services and operations to an off-site provider. The broad range of potential incidents requires the organization to have a broad range of capability in incident response.