Here are some components of an Incident Response Plan (for information security people):
1. Access to activity logs
2. An up-to-date network diagram
3. Blueprint for public disclosure
4. Hostname-IP address maps
5. IR fire drills before the event
6. Plan for finding malicious files after the breach
I'm certain these information security notes will come in handy someday.