Playbooks vs Handbooks


According to Wikipedia, a Playbook can be:

“A document defining one or more business process workflows aimed at ensuring a consistent response to situations commonly encountered during the operation of the business”

Why

Cisco's version of playbooks says (see Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy):

“… To be clear, the Playbook is for organizing and documenting security monitoring. It isn’t an incident response handbook or a policy document or any other type of security document or handbook. The Playbook may reference things like the Incident Response Handbook or Acceptable Use Policy, but it isn’t a replacement for these….”

But should this distinction be made?

Isn’t it better to consolidate the actions of the SecOps Team, AppSec Team and SOC into Playbooks (i.e. workflows on how to act/behave)?

What

  • Clarify concepts
  • Agree on definition of Playbook

Who

  • Security teams

