Remediation Plan (RP)

No: 56224/67

Date(g): 13/5/2019 | Date(h): 9/9/1440

Status: In-Force

Effective from 2019-05-13 - May 12 2019
To view other versions open the versions tab on the right

The White Team should draft a Remediation Plan, which should be based on the Red Teaming Evaluation Report and the Blue Team Report. The remediation plan should provide clear areas of improvements, priorities and a roadmap how and when to improve the prevention (e.g. hardening), detection, response and recover capabilities within the Member Organization. Important is that the status and progress of the remediation plan is monitored and periodically reported to the Cyber Security Committee of the Member Organization as well as the Green Team.

Below the outline of the report and the required elements (not limitative):

Remediation Plan (RP)
1.	Introduction
2.	Executive summary
3.	Background of the remediation plan
	•	Goal and objectives of the remediation plan
4.	Target audience and stakeholders
5.	Agreed recommendations and areas of improvement provided by the Red and Blue Team
	•	Agreed recommendations focused on people, process and technology,
	•	Agreed recommendations focused on (prevention) detection, response and recover
	•	Agreed priority rating for each recommendation
6.	Prioritized list of the agreed areas of improvement
7.	Agreed Remediation Plan
	•	What, when, where, and how
	•	Overview of the persons-to-act (e.g. where possible involvement business management)
	•	Agreed due dates
8.	Roadmap for the agreed and prioritized improvements
9.	Frequency of updating the Cyber Security Committee of the Member Organization and the Green Team
10.	Project Management Organization
	•	People/teams involved
	•	Overview of the relevant tasks and responsibilities
Appendices
	•	The list of involved departments, teams and team members
	•	Screenshots with supporting evidence
	•	Any other supportive materials
The remediation plan should be classified as: Confidential / Internal Use Only

Soft Launch