Planning overview
This section maps features to a step-by-step playbook design process.
Creating a playbook involves defining a set of incident types, phases, tasks, fields, workflows, scripts and rules to respond to an incident through intelligence, automation, and orchestration. Before creating a playbook, you need to understand your organization’s policies for responding to events.
Organizations typically follow pre-defined methods and standards when dealing with incidents, whether the emphasis is on tools and automation, reporting and metrics, or information sharing.
The following set of industry standards can help define your incident program:
- NIST Special Publication 800-61R2 (August 2012): Computer Security Incident Handling Guide
- Verizon’s VERIS Framework: Vocabulary for Event Recording and Incident Sharing
- Department of Defense CJCSM 6510.01B (18DEC14): Cyber Incident Handling Program
Before starting, familiarize yourself with the various tools and capabilities of Orchestration & Automation as described in Playbook toolkit. Afterward, use the configuration procedures in this guide to create your playbook.