IncidentResponsev2

Review Organizational Information Security Policy and Constraints Task

Conditions

• IR team activated to support a mission partner.
• Security policies and IT governance documents are available.

Standards

• Request and review the organization’s Information Security and IT policies before mission execution.
• Understand constraints on VPN access, removable media, and data handling.
• Use policies to inform IR team operating procedures.

Procedural Steps (Checklist)

Request Security Policies

• Contact mission partner POC to request:
  • Information Security Policies
  • Acceptable Use Policies (AUP)
  • Network Access Policy
  • Data Handling Policy

Review and Analyze Policies

• Assign team member to review documents.
• Identify constraints relevant to IR operations:
  • VPN access requirements
  • Restrictions on removable media
  • Data transfer limitations
  • Logging and monitoring obligations

Adjust IR Operations Accordingly

• Brief IR team on constraints.
• Update IR checklist or playbooks to reflect policy-driven restrictions.
• Log policy review and adjustments in mission documentation.

Engage Legal/Compliance (if required)

• If unclear or restrictive policies exist, escalate for review.
• Obtain approvals for deviations or waivers.

Tools

• PDF viewers (Adobe Reader, Foxit)
• Policy review checklist (Excel, Confluence template)

End State

• IR team operations aligned to mission partner security requirements.
• No policy violations during incident response activities.

Revision History

Date	Version	Description	Author
2025-05-02	1.0	Expanded procedural checklist for policy review process	Leo