Page 218 - CISSO_Prep_ Guide
An attack on an information system may require the complete
rebuilding of the system from a backup since many rootkits and
other types of malware can be nearly impossible to eradicate.
Integration with Business Continuity and Disaster Recovery Plans
Many incidents can be handled using an incident management
plan. However, when an incident would result in an outage or
interruption of unacceptable length, the focus may shift to
business continuity and disaster recovery plans. Business
continuity plans are used to keep critical business products and
services operational despite the crisis. This may require
moving operations to another location or outsourcing certain
activities. Disaster recovery plans are concerned with the
rebuilding of IT systems, networks, and operations. The incident
management plan should be coordinated with the business
continuity plans so that the business continuity teams can be
activated and recovery efforts coordinated effectively.
As changes are made to the organization and the various plans,
the plans should be reviewed and coordinated to ensure
consistency of prioritization, timelines, staff, and responsibility.
Testing the Incident Response Plan
The best test for an incident response plan is an actual event, but
obviously, it is best to test the plan before a real incident occurs.
Various tests should be performed, such as an annual review
to make sure that contact information is correct and other data
in the plan is up to date. As staff changes, the plan must also be

