The training and skills medium
The Incident Response Plan (IRP) is a set of predefined procedures designed to detect, analyse, contain, eradicate and recover from a cyber security incident (intrusion, ransomware, data leak, etc.). It aims to react effectively to minimise the technical, financial and reputational impact.
A Disaster Recovery Plan (DRP) is a strategic document that describes the procedures and actions to be implemented to enable an organisation to resume its critical activities as quickly as possible following a major IT security incident (cyber attack, hardware failure, natural disaster, etc.).
A privacy policy is a legal document that explains how an organisation collects, uses, stores, shares and protects the personal data of its users or customers. It ensures transparency and compliance with data protection laws, such as the RGPD in Europe or the CCPA (California Consumer Privacy Act) in the United States.
A backup policy is a formalised document defining the rules, procedures and responsibilities for creating, storing, managing and restoring backup copies of an organisation's critical data.
A security policy is a strategic and operational document adopted by any organisation (company, association or government institution) that defines a set of rules, guidelines and procedures designed to protect information assets (data, systems, infrastructure, etc.) against all threats. These threats may be internal (human error, technical failures, internal malice) or external (cyber attacks, intrusions, malicious software).