Cybersecurity Incident Response Plan Template

1. Authority and Review

1.1 Document Control and Review

Criteria | Information
Author
Owner
Date Created
Last Reviewed By
Last Date Reviewed
Endorsed By
Date Endorsed
Next Review Due Date

1.2 Version Control

Version | Date Approved | Approved By | Description of Change | Action

2. Purpose and Objectives

2.1 Purpose

2.2 Objectives

3. Standards and Frameworks

4. High-Level Incident Response Process

4.1 Preparation

4.2 Identification

4.3 Containment and Eradication

4.4 Recovery and Post-Incident Review

5. Common Security Incidents and Response

5.1 Common Threat Vectors

5.2 Incident Types and Response

Type/Description | Response | Action

6. Roles and Responsibilities

6.1 Points of Contact

Name | Hours of Operation | Contact Details | Role Title | Responsibilities | Action

6.2 Cyber Incident Response Team (CIRT)

Name | Organization | Contact Details | CIRT Role Title | CIRT Responsibilities | Action

6.3 Senior Executive Management Team

Name | Contact Details | Title | SEMT Role | Action

6.4 Roles and Relationships

7. Communication

7.1 Internal Communication

7.2 External Communication

8. Supporting Procedures and Playbooks

8.1 Supporting Standard Operating Procedures

8.2 Supporting Playbooks

9. Sector, Jurisdictional, and National Incident Response Arrangements

9.1 Sector Arrangements

9.2 Jurisdictional Arrangements

9.3 National Arrangements

10. Incident Notification and Reporting

Incident Type/Threshold | Organization/Agency to Receive Notification | Contact Details | Agency Information | Person Responsible | Action

10.1 Legal and Regulatory Requirements

10.2 Insurance

11. Detection, Investigation, Analysis, and Activation

11.1 Incident Classification

Incident Classification | Description | Action

11.2 CIRT Activation

11.3 Investigation Questions

11.4 Escalation and De-escalation

Incident Classification | Action Triggers | Minimum Level Authority | Action

12. Containment, Evidence Collection, and Remediation

12.1 Containment

12.2 Documentation

Criteria | Information
Date and Time Incident Detected
Current Status
Incident Type
Incident Classification
Scope
Impact
Severity
Notifications
Assistance Required
Actions Taken to Resolve Incident
Additional Notes
Contact Details for Incident Manager
Date and Time of Next Update