Assignment:
Using NIST's SP 800-61 "Computer Security Incident Handling Guide", develop an Incident Response Plan (IRP) that will address one or more of your security risks that you identified in your Risk Assessment. Google and find other actual IRPs on the Internet and review to see what type of information is included. At a minimum, your plan should include the following sections:
Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?
Training: specify a training frequency
Plan testing: How (and how often) will you test the plan?
Incidents: What defines an "incident"? Define some security incidents that you may encounter on your network.
Incident Notification: What happens when an incident is detected?
Reporting/tracking: How will you report and track incidents? What about capturing "lessons learned"?
Procedures: Select one of your security risks identified in your Risk Assessment. Prepare procedures for addressing the incident in the event that the incident actually happens. In this section, address the following subsections specific to your risk that you are identifying.
Preparation
Detection and Analysis
Containment
Eradication
Recovery and Post-Incident Activity
Note: there are several scenarios in the appendix of the NIST document. You can use, for instance, Scenario 11: Unknown Wireless Access Point to help develop the response procedures for wireless access, as an example.