We need a paper on Risk Assessment for the organization (NASA). The risk should be listed in one of the following links.
The following sections are missing:
• Roles: Who will respond to the incident, and what are the notification/escalation procedures? Who is responsible for writing the IRP?
• Training: specify a training frequency
• Plan testing: How (and how often) will you test the plan?
• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?