[jpurdy@ohiochristian.edu]

Marcena,

Thanks for sharing this great information including the URL.

Yes, there should be SOPs (Standard Operating Procedures) that departments and employees know their roles and responsibilities as incidents occur. There should be on-going training on those procedures so that people remember them even when they are feeling the pressure of an incident or vulnerability. There should also be an outline of the separation of duties, acceptable use policies, and aawreness by users. There could also be target goals to get systems back online or back up strategies for server failures.