Example Cyber Security Incident Response Plan


The following is an example of an Incident Response Plan.


Cyber Security Incident Response

This document details the procedures our business takes when a cyber security related incident occurs, including steps taken to detect, respond to, and recover from security incidents.

Incident Response Team

Name        Role          Phone
First Last  IT Provider   (555) 555-5555
First Last  CEO           (555) 555-5555

Incident Response Actions

  • Containment
    • Disconnect affected devices from the network and the internet by unplugging the network cable or disabling WiFi. WiFi can be disabled by enabling airplane mode on the device.
    • Contact your IT Provider (see the chart above) and allow them to take over handling of the situation.
    • Alert your CEO and other team members about the incident, and ask them to be extra vigilant online while it is being handled.
    • Use an unaffected device to change passwords and enable two-factor authentication (if not already in use) for all potentially affected accounts and applications.
  • Identify Issue(s) & Assess Impact(s)
    • Document (with pen and paper) how the incident was discovered, when it occurred, and any other pertinent details.
    • Determine the nature of the incident (for example, a data breach, malware infection, or unauthorized access).
    • Identify what data or systems have been compromised or affected, and determine whether any sensitive information was exposed (for example, customer data, financial records, ePHI, or PCI data).
      • If a data breach occurred:
        • Contact Banking Companies to lock down accounts: [insert numbers here]
        • Contact Law Enforcement, FBI (Local Branch) at [insert number here]
        • Contact Insurance Provider at [insert number here]
  • Resolve & Recover
    • Remove malicious files/apps, unauthorized users, and security vulnerabilities from your systems.
    • Apply all available software patches/updates to prevent similar incidents in the future.
    • Restore affected systems and data from backups to their normal state.
    • Test systems to ensure they are functioning properly and securely.
    • Notify affected parties: inform customers, employees, or partners who may have been affected by the incident.
    • Review and learn from the incident. Analyze how it occurred and what can be done to prevent similar incidents in the future.
    • Update your incident response plan and security measures based on the lessons learned.



I hope my example Cyber Security Incident Response Plan has been helpful to you. I welcome your thoughts, questions or suggestions regarding this article.

You may support my work and future improvements by sending me a tip using your Brave browser or by sending me a one time donation using your credit card.

Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.