Preparation
1. Organization Chart
https://www.investopedia.com/terms/o/organizational-chart.asp#:~:text=Kirsten%20Rohrs%20Schmitt-,What%20Is%20an%20Organizational%20Chart%3F,between%20individuals%20within%20an%20entity
2. Network Diagrams
https://www.lucidchart.com/pages/network-diagram
3. Data Flow Diagrams
https://www.visual-paradigm.com/guide/data-flow-diagram/what-is-data-flow-diagram/
4. Critical Asset, Data and Services List
5. Rules of Engagement (ROE) Limitations and Boundaries
https://csrc.nist.gov/glossary/term/rules_of_engagement
https://www.cyberstudents.org/wp-content/uploads/2021/09/Rules-of-Engagement-NCSA-Facing.pdf
6. Incident Response Plan (IRP)
https://csrc.nist.gov/glossary/term/incident_response_plan
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwii69zA8_X8AhVElWoFHZCMDUsQFnoECB0QAQ&url=https%3A%2F%2Fcdt.ca.gov%2Fwp-content%2Fuploads%2F2017%2F03%2Ftemplates_incident_response_plan.doc&usg=AOvVaw2U2F58Va8VM2EWR9eygz7m
7. Business Continuity Plan (BCP)
https://csrc.nist.gov/glossary/term/business_continuity_plan
https://www.santacruzhealth.org/Portals/7/Pdfs/HPP/CO_Pharm_Template.pdf
8. Disaster Recovery Plan (DRP)
https://csrc.nist.gov/glossary/term/disaster_recovery_plan
https://inside.sou.edu/assets/it/docs/disaster-recovery-plan.pdf
9. Required Notification Guidance
https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html#:~:text=Like%20individual%20notice%2C%20this%20media,required%20for%20the%20individual%20notice
10. Actions to Date (plan of action and milestones)
https://csrc.nist.gov/glossary/term/plan_of_action_and_milestones
11. Physical Access Requirements
https://csrc.nist.gov/glossary/term/physical_access_control_system
12. On call/Contracted resources
13. Communication Plan
https://www.techtarget.com/whatis/definition/communication-plan
14. Authority and Legal Conditions
https://www.secretservice.gov/sites/default/files/reports/2020-12/Preparing%20for%20a%20Cyber%20Incident%20-%20Contacting%20Law%20Enforcement%20v%201.0.pdf
At what point to alert authorities during an incident?
What are the guidelines for the given regulatory entity?
15. Threat Intelligence Summary
https://csrc.nist.gov/glossary/term/threat_intelligence_report
16. Meetings and Deliverable Reporting Requirements
https://www.simplilearn.com/what-is-a-deliverable-article
17. Physical Security Plan
Fencing
Bollards
Mantraps
18. Risk Assessment Decision Matrix
https://csrc.nist.gov/glossary/term/risk_assessment
https://www.google.com/imgres?imgurl=https%3A%2F%2Fwww.armsreliability.com%2Fcontent%2FDocument%2FBlog%2FRisk-Matrix-1024x550-1024x550.png&imgrefurl=https%3A%2F%2Fwww.armsreliability.com%2Fpage%2Fresources%2Fblog%2Fbeyond-the-risk-matrix&tbnid=vFKNxWx7YW49gM&vet=12ahUKEwjepPnLqfj8AhVJPUQIHRq8BwsQMygDegUIARDJAQ..i&docid=5z7jsJYLucQqQM&w=1024&h=550&q=Risk%20Assessment%20Decision%20Matrix&ved=2ahUKEwjepPnLqfj8AhVJPUQIHRq8BwsQMygDegUIARDJAQ
19. Data and Info Disclosure Procedures
20. Consent to Monitor, Collect and Assess Data
See ROE
21. MOA/MOU/NDA
MOA/MOU
https://acqnotes.com/acqnote/careerfields/memorandum-of-agreement-moa
https://csrc.nist.gov/glossary/term/memorandum_of_understanding_or_agreement
https://www.pandadoc.com/memorandum-of-agreement-template
NDA
https://csrc.nist.gov/glossary/term/non_disclosure_agreement
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjRsaW0rPj8AhWtlmoFHcMtDzsQFnoECEcQAQ&url=https%3A%2F%2Fwww.hbs.edu%2Fnewventurecompetition%2FDocuments%2FNondisclosure%2520Agreement.docx&usg=AOvVaw03ozW2LX78FE8ynafD559g