In which phase of incident management do we write the procedures?
CBK 7: Security Operations
Source: ThorTeaches.com practice tests
A: Preparation: This are all the steps we take to prepare for incidences. We write the policies, procedures, we train our staff, we procure the detection soft/hardware, we give our incidence response team the tools they need to respond to an incident. The more we train our team, the better they will handle the response, the faster we recover, the better we preserve the crime scene (if there is one), the less impactful an incident will be.