During a tabletop exercise, the CSIRT discovers that the organization lacks a clear chain of command for decision-making during incidents. Which document should be updated to address this gap?
The IR plan outlines the chain of command and communication structure.
Why this answer
Option A is correct because the incident response plan should define roles, responsibilities, and escalation paths. Option B is for regular operations. Option C is for network architecture.
Option D is for user training.