Guides
- NIST SP 800-84 – Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
- NIST SP 800-115 – Technical Guide to Information Security Testing and Assessment
- SANS Institute InfoSec Reading Room – Incident handling Handling Annual Testing and Training
Example Tools
Sample Policy & Procedures
- SANS Institute – Security Response Plan Policy
- Environmental Protection Agency – CIO 2150-P-08.2 – Information Procedure – Information Security – Incident Response Procedures
- State of Alabama – Information Technology Policy – Policy 604-01: Cyber Security Incident Response