I have been doing a lot of work on playbook design and automation recently, and stumbled upon some really great work by Demisto, a security automation platform. I haven’t been able to experiment with the product, so I can’t say how good I feel it is. The playbook blog they run, though, is very helpful!
An incident response plan is the cornerstone of preparing for what is coming: an incident (a bit obvious, really). Incidents are those little things that tear businesses up. At its core, the Equifax breach was an incident. The Yahoo email scandal was… an incident. The Shadow Brokers’ ‘hack’: an incident. Your data center just went down because of an air conditioning malfunction, guess what? Incident! They are everywhere, and cause disruption everywhere they go.