This unit VU23221 – Evaluate and test an incident response plan for an enterprise aims to provide you with the Job skills & knowledge including forming the IR team, clarifying roles, interpreting an incident response plan (IRP), using red and blue teams to test the IRP, implementing an incident, evaluating the IRP for its effectiveness and developing improvement.

Their relevance to industry is highlighted below.

No organisation, either a start-up or a medium scale organisation has the privilege to assume that the adversaries would not be interested in them. Even if they are not the targets, they can be victims if they have not taken appropriate steps to be prepared in case of an Incident. This unit will advance your knowledge in the following:

• An understanding of the roles associated with an Incident Response Team
• Ability to create an Incident Response Plan document for an organisation in accordance with the Incident Response Plan template as devised by the ACSC (Australian Cyber Security Centre)
• Awareness in relation to the Training Strategy associated with Incident Response Teams: Role of Red Teams, Blue Teams and Purple teams