I've just posted a new poll about company Incident Response Plans. This is an area that is often over looked and under planned. Many companies don't even realize that there is a need for an IR plan and have no real idea what they would do if an incident occurred. In this day of legal and compliance issues having a plan is no longer just a good idea. The lack of one could cost your company lots more than the cost of clean up. You need to have a plan of attack for a variety of different incidents. The way you would handle a virus outbreak is different than how you would have a server compromise that exposed financial or customer data.
If you don't know where your company stands in regards to an IR Plan don't just take it for granted that they have one. Ask your boss and if there isn't one inform them of the necessity and importance of one. Be prepared to either volunteer to help or be volunteered. :) Do your homework and you may come out smelling like a rose.
Here is the question and the possible answers to choose from. You can find the poll itself here.
When it comes to Incident Response does Your Company
A. Have a formal and tested plan
B. Have a plan that hasn't been tested
C. Has a general idea what they will do
D. Not have a plan