

# Summary of preparation items
<a name="preparation-summary"></a>

 Thorough preparation for responding to security events is critical for timely and effective incident response. Incident response preparation involves people, processes, and technology. All three of these domains are equally important to preparation. You should prepare and evolve your incident response program across all three domains. 

 Table 2 summarizes the preparation items detailed in this section. 

*Table 2 – Incident response preparation items*


|  Domain  |  Preparation item  |  Action items  | 
| --- | --- | --- | 
|  People  |  Define roles and responsibilities.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  People  |  Train incident response staff on AWS.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  People  |  Understand AWS support options.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Process  |  Develop an incident response plan.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Process  |  Document and centralize architecture diagrams.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Process  |  Develop incident response playbooks.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Process  |  Run regular simulations.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Technology  |  Develop an AWS account structure.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Technology  |  Develop and implement a tagging strategy that helps responders to identify ownership and context for findings.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Technology  |  Update AWS account contact information.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Technology  |  Prepare access to AWS accounts.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Technology  |  Understand the threat landscape.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Technology  |  Select and set up logs.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 
|  Technology  |  Develop forensics capabilities.  |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/security-ir/latest/userguide/preparation-summary.html)  | 

 An iterative approach is recommended for incident response preparation. These preparation items cannot all be completed overnight; you should create a plan to start small and continuously improve your incident response capabilities over time. 