Summary
In this chapter, we discussed the steps that you need to take to recover from an incident. This included information gathering, communications, and root cause analysis. We should have written policies and procedures that determine what to communicate and when to communicate it. We also need to understand our audience and the information that is being communicated.
We need to gather information on the steps taken to recover from an incident. Just as we gathered information to put together a timeline when discussing the Response function, we need to take similar steps when collecting information for the recovery. Be as detailed as possible. We want to be able to recreate an incident, if needed, from our documentation.
We will need a CCP that covers what we communicate and with whom. Different audiences will require different types of communication and different information to be divulged. For example, you may have been subjected to a compromise of a third...