*Maintain a set of packaged scenarios with injects and data to exercise the response process (Task ID: R3-9405)

*Maintain documented procedures for analyzing logs and handling log archive (Task ID: R3-9139)

*Maintain technical competence using industry tools for attacks (i.e. backtrack) (Task ID: R3-9343)

*Report internal and external incident stakeholders involved during and after incident response. (Task ID: R3-9408)

*Report status to maagement at defined stages of response per procedure. (Task ID: R3-9403)

*Understand incident response process and initiate incident according to policies and procedures. (Task ID: R3-9116)

*Understand incident response, notification and log handling requirements of business (Task ID: R3-9191)

*Develop attack scenarios that might be used to intrude upon systems and networks and use table top excercises to guage how personnel might respond in these situations. (Task ID: R3-9239)

*Analyze logs by correlating all suspect systems (Task ID: R3-9106)

*Analyze system configuration (for systems under attack') by correlating with the alerts generated to determine if the alert is real or if the IDS box is gone fishing. (Task ID: R3-9354)

*Report what was analyzed and the list of flagged events, key findings, issues, actions taken (Task ID: R3-9134)

*Review logs, network captures, and traces. (Task ID: R3-9351)

*Update security tools (SEIM, IDS/IPS, Firewalls) with information pertinent to net tools or attacks. (Task ID: R3-9240)

*Configure alerts to monitor for old signatures and failed updates (Task ID: R3-9565)