I think it would make a ton of sense for every organization to do a DR "drill" periodically where they attempt to actually use their DR plan (restore a group of servers, reload a switch configuration, etc).
This just seems like a sensible part of that.
What worries me, though, is how they will know when to actually implement a security plan and deal with the consequences. A lot of security breaches are subtle, and you don't know they've happened or at least not always with a definitive sign like a defacement page, etc.
I would assume a "real" security response would be something akin to putting a lot of resources "in lockdown" -- shutting down servers, cutting network links, etc, which could have major business consequences. I can see where uncertainty about a breach and hesitancy to isolate key systems (perhaps necessary to contain a breach) could lead to a real clusterfuck.
I think a key part of developing the plan is deciding when you know there is a real breach and making sure that the responses are well-known ahead of time to avoid a lot of head-scratching and internal conflict.
Treat it just like a DR exercise. The first phase would be confirming the breadth and depth of the incident. Your IDS goes off, or a department reports some missing/vandalized files, or notices some logs with audit warnings that are out of place, and raises the red flag. Next, you need to gather forensic information from every last piece of equipment in your entire organization, quickly, and move it to a sterile location. Whether that is possible or not will determine your ability to move forward strategically or to deploy the airbags and EPO the datacenter before it gets worse. It's really not as mystic as most commentators here make it out to be. Come up with a plan, then hire a pen test firm to do a number on you. Don't tell your front line techs about it (in fact keep it as secret as possible) and wait for the results to come in. If your incident response plan is executed, even in part, you are on the right track. If not, regroup and try again in 6 months, and hire/contract someone to beef up the plan.
The Sony hack was a wake-up call to every company that doesn't have actual money on the line in IT, to realize that sometimes you will get fucked just for the sake of getting fucked. There isn't a single profitable venture left in the western world that succeeds without IT.