Update and maintain: Make sure that the incident response plans are updated regularly, and that information is kept current. If new assets are added to the network or new employees added, make sure the plan reflects any relevant changes. This should be done yearly at the least.
Lastly, no matter how good the plan is, it never survives its first real test. Make sure there is an after action report made, and that any mistakes, problems, or failures are learned from. Adjust plans and policies as needed.
Sign up for Computerworld eNewsletters.