Playbooks vs Handbooks

According to Wikipedia, a Playbook can be:

“A document defining one or more business process workflows aimed at ensuring a consistent response to situations commonly encountered during the operation of the business”


Cisco's description of playbooks states (see Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy):

“… To be clear, the Playbook is for organizing and documenting security monitoring. It isn’t an incident response handbook or a policy document or any other type of security document or handbook. The Playbook may reference things like the Incident Response Handbook or Acceptable Use Policy, but it isn’t a replacement for these….”

But should this distinction be made?

Isn’t it better to consolidate the actions of the SecOps Team, AppSec Team and SOC into Playbooks (i.e. workflows on how to act/behave)?


  • Clarify concepts
  • Agree on definition of Playbook


  • Security teams
