Development of a comprehensive cyber incident response plan (CIRP) flows from completion of steps 5 and 6 in the accompanying article: performing the threat, vulnerability and impact assessment and preparation of the mitigation plan. Together, those steps help determine which exposures, vulnerabilities and risks to mitigate and the funding required to achieve mitigation objectives.
The CIRP is a confidential document that contains four main sections: Introduction and Organization, Resources and Authorizations, Response and Mitigation, and Remediation and Post-Incident Review. The CIRP may be available as a web interactive document or as a PDF via the web, email or other physical delivery method.