
6 Incident Response Plan Templates and Why You Should Automate Your Incident Response

Catastrophic security breaches start as alerts, which escalate into security incidents. If you catch an incident in time and respond to it correctly, you can avoid the enormous damage and clean-up effort involved in a breach. Not all breaches are preventable, but a robust, tested and repeatable incident response process will reduce damage and costs in almost all cases.


What is an Incident Response Plan?

An incident response plan is a practical procedure that security teams and other relevant employees follow when a security incident occurs. It is critical to enable a timely response to an incident, mitigating the attack while properly coordinating the effort with all affected parties.

Some organizations have a dedicated incident response team, while others have employees on standby who form an ad-hoc incident response unit when the need arises. Other organizations outsource incident response to security organizations—for example, Cynet provides a managed incident response service based on our holistic security platform.

Incident Response Plan Frameworks

There are two primary frameworks you can use to plan and execute an incident response process, created by NIST, a US government standards body, and SANS, a non-profit security research organization. They are summarized below:

NIST Incident Response Process               SANS Incident Response Process
1. Preparation                               1. Preparation
2. Detection and Analysis                    2. Identification
3. Containment, Eradication, and Recovery    3. Containment
4. Post-Incident Activity                    4. Recovery
                                             5. Recovery
                                             6. Lessons Learned

Read our in-depth posts on the NIST Incident Response and SANS Incident Response frameworks.

Six Incident Response Plan Templates

When building your incident response plan, it is much easier to start with a template, remove parts that are less relevant for your organization, and fill in your details and processes. Below are several templates you can download for free, which can give you a head start.

1. TechTarget Incident Response Plan Template

Created by: Paul Kirvan
Pages: 14
Main sections:

  • Plan overview, scope, exclusions and planning scenarios
  • Local sequence of events, local incident response teams and activities
  • Notification, escalation and declaration process
  • Incident response checklists: contact lists, initial IR checklist, local incident management team checklist, manager task checklist, EOC command staff checklist
  • Incident management forms

Download .DOC file

2. IltaNet Incident Response Plan

Created by: International Legal Technology Association
Pages: 5
Main sections:

  • Incident response team
  • Incident response notifications
  • Employee responsibilities
  • Types of incidents
  • Definition of a security breach
  • Classification procedure for potential incidents
  • Response procedure
  • Recovery
  • Periodic testing and remediation

Download .ASHX file

3. Thycotic Incident Response Template

Created by: Thycotic
Pages: 19
Main sections:

  • Roles, responsibilities and contact info
  • Threat classification
  • Compliance and legal obligations
  • Phases of incident response and actions taken:
    • Incident confirmation
    • Containment and continuity
    • Eradication
    • Recovery
    • Lessons learned

Get .DOC file (requires registration)

4. Sysnet Security Incident Response Plan

Created by: Sysnet
Pages: 11
Main sections:

  • How to recognize a security incident
  • Roles and responsibilities
  • External contacts
  • Payment cards—what to do if compromised
  • Incident response steps
    • Report, investigate, inform
    • Maintain continuity
    • Resolve and recover
    • Review
  • Specific incident response types
    • Malware
    • Tampering with payment terminals
    • Unauthorized wireless access points
    • Loss of equipment
    • Noncompliance with security policies
  • Testing and periodic updates for IR plan

Get .DOC file (requires registration)

5. California Government Department of Technology Incident Response Plan

Created by: California Government Department of Technology
Pages: 4
Contents: 17-step incident response procedure, referencing more detailed plans for specific incident types such as malware, system failure, active intrusion attempt.

Download .DOC file

6. I-Sight Incident Response Template

Created by: I-Sight
Pages: 6
Main sections:

  • Purpose
  • Scope
  • Definitions and examples of incidents
  • Roles & responsibilities
  • Incident response stages and procedures

Get .DOC file (requires registration)

The Importance of Automated Incident Response

Incident response templates and procedures are crucial, but they are not enough. In most organizations there is a critical shortage of security staff. It is impossible to review all alerts, not to mention investigate and respond to all security incidents. Statistics show that the average time to identify and remediate a breach is over 100 days.

To help address this problem, the security industry is developing tools to perform automated incident response. An automated tool can detect a security condition, and automatically execute an incident response playbook that can contain and mitigate the incident. For example, upon detecting traffic from the network to an unknown external IP, an incident playbook runs, adding a security rule to the firewall and blocking the traffic until further investigation.

By supplementing manual incident response with automated playbooks, organizations can reduce the burden on security teams, and respond to many more security incidents, faster and more effectively.

Automated Incident Response with Cynet

Cynet provides a holistic solution for cybersecurity, including Cynet Response Orchestration, which can automate your incident response. You define automated incident response playbooks, with pre-built remediation procedures for multiple attack scenarios. When an attack scenario occurs, the relevant playbook is executed automatically. Only if no playbook matches is the incident pushed to the security team for a manual response.
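The playbook model described here and in the previous section (match an alert to a playbook, contain automatically, otherwise hand off to an analyst) is easy to see in code. The following is an added illustration written for this article, not Cynet's code or any product's API: the alert fields, playbook names, network allowlist, placeholder hash and sample alerts are all constructed, and the "firewall" and "EDR" steps are recorded as strings rather than executed.

```python
"""Toy automated incident-response dispatcher (added illustration, not a product API).

Each playbook pairs a match predicate with a containment routine. An alert that
matches a playbook is handled automatically; one that matches nothing is queued
for an analyst. Every identifier and sample value below is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

# Constructed: networks the organization already knows and trusts.
KNOWN_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]

# Constructed placeholder, not a real indicator of compromise.
KNOWN_BAD_HASHES = {"deadbeef" * 8}


@dataclass
class Alert:
    alert_type: str   # e.g. "outbound_connection", "malware_detected"
    source_host: str  # host that raised the alert
    details: dict     # alert-type-specific fields


@dataclass
class Action:
    playbook: str  # name of the playbook that fired
    host: str      # host the containment applies to
    steps: list    # human-readable record of what was done


def _is_unknown_destination(alert: Alert) -> bool:
    """True for outbound traffic to an address outside every known network."""
    dst = alert.details.get("dst_ip")
    if alert.alert_type != "outbound_connection" or dst is None:
        return False
    try:
        addr = ip_address(dst)
    except ValueError:
        return False  # malformed address: leave it to an analyst
    return not any(addr in net for net in KNOWN_NETWORKS)


def _block_unknown_destination(alert: Alert) -> Action:
    """The article's example: add a firewall rule and hold the case for review."""
    dst = alert.details["dst_ip"]
    return Action("block-unknown-egress", alert.source_host, [
        f"firewall: deny {alert.source_host} -> {dst}/32 (pending investigation)",
        f"ticket: investigate {alert.source_host} contacting {dst}",
    ])


def _is_known_malware(alert: Alert) -> bool:
    return (alert.alert_type == "malware_detected"
            and alert.details.get("sha256") in KNOWN_BAD_HASHES)


def _isolate_host(alert: Alert) -> Action:
    return Action("isolate-host-on-malware", alert.source_host, [
        f"edr: network-isolate {alert.source_host}",
        f"edr: quarantine file {alert.details.get('path', '<unknown>')}",
    ])


# Ordered table: the first matching playbook wins.
PLAYBOOKS: list[tuple[Callable[[Alert], bool], Callable[[Alert], Action]]] = [
    (_is_unknown_destination, _block_unknown_destination),
    (_is_known_malware, _isolate_host),
]


def dispatch(alert: Alert) -> Optional[Action]:
    """Run the first playbook whose predicate matches; None if none does."""
    for matches, run in PLAYBOOKS:
        if matches(alert):
            return run(alert)
    return None


def triage(alerts: list[Alert]) -> tuple[list[Action], list[Alert]]:
    """Split alerts into automated actions and an analyst (manual) queue."""
    automated, manual = [], []
    for alert in alerts:
        action = dispatch(alert)
        if action is None:
            manual.append(alert)   # no matching playbook: manual response
        else:
            automated.append(action)
    return automated, manual


# Constructed sample alerts for a stand-alone run.
SAMPLE_ALERTS = [
    Alert("outbound_connection", "ws-042", {"dst_ip": "198.51.100.23"}),
    Alert("outbound_connection", "ws-042", {"dst_ip": "203.0.113.5"}),
    Alert("malware_detected", "srv-db-01", {"sha256": "deadbeef" * 8, "path": "C:\\tmp\\x.exe"}),
    Alert("unusual_login", "vpn-gw", {"user": "jdoe"}),
]

if __name__ == "__main__":
    auto, manual = triage(SAMPLE_ALERTS)
    for action in auto:
        print(f"[auto] {action.playbook} on {action.host}: {action.steps}")
    for alert in manual:
        print(f"[manual] {alert.alert_type} on {alert.source_host}")
```

Two design points carry over to a real deployment: the match predicate refuses to act on malformed input (an unparsable address goes to the manual queue rather than producing a broken firewall rule), and every automated action leaves a written record, so the post-incident review the NIST and SANS frameworks call for has something to work from.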

Cynet Response Orchestration can address any threat that involves infected endpoints, malicious processes or files, attacker-controlled network traffic, or compromised user accounts.

Learn more about Cynet Response Orchestration.
