Responding to active impact runbooks¶
Runbooks for responding to active impact events, one register below the impact family pages: the terse, do-this-now procedures. The first two cover the destruction-and-extortion family (ransomware, data destruction, business-process fraud); the rest are one per family, for the impacts that leave the infrastructure standing.