Computer security incidents are not a matter of if; rather when.
The function of having an incident response (IR) plan is to provide guidance to staff, both technical staff and management, on how to quickly and effectively recovery from the information security incidents.
An IR plan is also needed to ensure staff responds in a systematic manner to incidents, rather than everyone doing things in an ad hoc manner.
In The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk, N.K. McCarthy provides a high-level guide on how to develop an IR plan.
The book contains the high-level areas in which to develop an IR plan. Anyone firm who has yet to create an IR plan (and they should be ashamed of themselves if they don’t have one) can use The Computer Incident Response Planning Handbook as a starting point.
Full review to follow.