A repeatable collaboration process for incident response planning

This chapter presents a repeatable collaboration process as an approach for developing a comprehensive Incident Response Plan for an organization or team. Despite the process of incident response planning being an essential ingredient in security planning procedures in organizations, extensive literature reviews have not yielded any collaborative processes for such a crucial activity. As such, this chapter will discuss the background of incident response planning as well as Collaboration Engineering, which is an approach to design repeatable collaborative work practices. We then present a collaboration process for incident response planning that was designed using Collaboration Engineering principles, followed by a discussion of the application process in three cases. The presented process is applicable across organizations in various sectors and domains, and consist of codified "best facilitation practices" that can be easily transferred to and adopted by security managers. The chapter describes the process in detail and highlights research results obtained during initial applications of the process.