Playbooks vs Handbooks
A Playbook can be
“A document defining one or more business process workflows aimed at ensuring a consistent response to situations commonly encountered during the operation of the business” (Wikipedia)
The Cisco security blog describes a Playbook in the following way:
“… To be clear, the Playbook is for organizing and documenting security monitoring. It isn’t an incident response handbook or a policy document or any other type of security document or handbook. The Playbook may reference things like the Incident Response Handbook or Acceptable Use Policy, but it isn’t a replacement for these….”
But should this distinction be made?
Isn’t it better to consolidate the actions of the SecOps Team, AppSec Team, and SOC into Playbooks (i.e. workflows on how to act/behave)?
This Working Session will discuss and clarify these issues with the aim of agreeing on a definition of Playbook.
- Clarify concepts
- Agree on definition of Playbook
- Agreed definition of Playbook
The target audience for this Working Session is:
- Security teams
Here are the current ‘work in progress’ materials for this session
(please add as much information as possible before the sessions)
1. Introduction and purpose
2. Executive summary
3. Playbook (template table)
4. Global glossary
Back to list of all Working Sessions and Tracks
Edit this page here