We need Paper on Risk Assessment for the organization (NASA). The risk should be listed in one of the following links.

The following sections are missing:

• Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?

• Training: specify a training frequency

• Plan testing: How (and how often) will you test the plan?

• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.

• Incident Notification: What happens when an incident is detected?

• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?

Comments are closed.