Incidents can be categorized into runbooks for which a standardized response process can be defined, eliminating inconsistency and ambiguity while increasing operational efficiency. Clearly document use cases that pertain to the incidents commonly faced by your organization.
Customize the Malicious Email Runbook by including the following sections for each single email account multiple email accounts and executive email accounts:
- Incident summary
- Escalation process diagram
- Detailed response procedures
- Revision history
Align the response procedures with Phase 2: Operate, as outlined in the Develop and Implement a Security Incident Management Program blueprint.