Exercises and emergencies¶

Two kinds of procedure sit here. The exercises are the ones run on a calm afternoon: confirming a backup actually restores, checking what the organisation is exposing to the internet. Done regularly, they are what stops a calm afternoon turning into a bad night.

The emergencies are the ones reached for when something has already happened: a reported phishing email, a lost laptop, a domain that has stopped resolving. They are written to be followed under pressure, by whoever is on hand, with the first containing step up front.

The first-hour page in the parent section is the starting point for a suspected compromise that does not fit one of these; these procedures handle the specific cases.