Every one of the InfoSec frameworks out there require you to have a documented Computer Incident Response Plans (CIRP) that is tested on an annual basis. I wrote the McGraw-Hill book, “The Computer Incident Response Planning Handbook” and speak on the topic frequently. I have a “day job” which for the past several years included managing Incident Response for a Fortune 100 company. I am looking for some “side work” helping organizations develop/maintain/validate/test their CIRP. Here is the link to my book on Amazon: http://www.amazon.com/Computer-Incident-Response-Planning-Handbook-ebook/dp/B008J58DLQ/ My professional bio and 6 great reviews are also on the page. Let me know if you are interested in getting help with your CIRP. I can provide you more information.