Recovery strategies are updated
Recovery plan is executed during or after a cybersecurity incident
Notifications from detection systems are investigatedÂ
The impact of the incident is understood
Forensics are performed
Incidents are categorized consistent with response plans
Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)
Personnel know their roles and order of operations when a response is needed
Incidents are reported consistent with established criteria
Information is shared consistent with response plans
Passcode