This chapter presents a repeatable collaboration process as an approach for developing a comprehensive Incident Response Plan for an organization or team. Although incident response planning is an essential ingredient in security planning procedures in organizations, extensive literature reviews have not yielded any collaborative processes for such a crucial activity. As such, this chapter will discuss the background of incident response planning as well as Collaboration Engineering, which is an approach to designing repeatable collaborative work practices. We then present a collaboration process for incident response planning that was designed using Collaboration Engineering principles, followed by a discussion of the application process in three cases. The presented process is applicable across organizations in various sectors and domains, and consists of codified “best facilitation practices” that can be easily transferred to and adopted by security managers. The chapter describes the process in detail and highlights research results obtained during initial applications of the process.
There is a significant amount of research in the area of IT contingency planning and, as a part of that, incident response planning. However, based on our research of existing literature, we conclude that no collaborative process has been presented for security practitioners. The background in this chapter will first discuss relevant research related to incident response planning. Then we discuss the Collaboration Engineering approach that was used to design the repeatable incident response planning process.