Playbooks vs Handbooks
Security Playbooks
merged with Playbooks Common Format
Tiffany Long, Jonas Vanalderweireldt

A Playbook can be:

"A document defining one or more business process workflows aimed at ensuring a consistent response to situations commonly encountered during the operation of the business" (Wikipedia)


The Cisco security blog describes a Playbook in the following way:

"... To be clear, the Playbook is for organizing and documenting security monitoring. It isn’t an incident response handbook or a policy document or any other type of security document or handbook. The Playbook may reference things like the Incident Response Handbook or Acceptable Use Policy, but it isn’t a replacement for these...."

(see Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy)

But should this distinction be made?

Isn't it better to consolidate the actions of the SecOps Team, AppSec Team, and SOC into Playbooks (i.e. workflows on how to act/behave)?

This Working Session will discuss and clarify these issues with the aim of agreeing on a definition of Playbook.


  • Clarify concepts
  • Agree on definition of Playbook


  • Agreed definition of Playbook


The target audience for this Working Session is:

  • Security teams

Working materials

Here are the current 'work in progress' materials for this session

(please add as much information as possible before the sessions)


1. Introduction and purpose

2. Executive summary

3. Playbook (template table)

4. Global glossary

5. Conclusion