I am a young cybersecurity professional and my bos just assigned me the task of doing some research regarding the best practices to organize the playbooks for cyber incident response within my company.
Right now we do have some playbooks here and there on our network, but the whole thing is not well organized. I feel like we should improve this aspect before automating the processes with a SOAR.
I already did some research, but the output was unconclusive, I’m not sure if there are any best practices. Maybe I found something regarding the classification of the playbook by type (e.g. Malware, Phishing, Root Access, …) , but every documentation i dound is diffrent.
Could you help me? Do you know and book or documentation?
Do you have any experience on this field? Any hint is aprecieted.
Thank you in advance! :)