
2017 Incident Response Checklist

The document provides a checklist of items to include in an incident response plan. The checklist includes 12 items such as identifying fundamentals, teams and contacts, definitions, phases of the incident response lifecycle, notification plans, forms, continuous improvement procedures, and scenario run books. The plan is meant to help organizations effectively respond to security incidents by outlining roles, processes, communication procedures and documentation requirements.

Uploaded by

Ajay Barala

INCIDENT RESPONSE PLAN CHECKLIST

It is a best practice to have an Incident Response Plan developed and implemented.


Use this checklist as a guide to ensure your plan will help your organization respond to incidents:

Item to Include in Plan

ITEM 1: Identify the Fundamentals
  - Detail Scope, Goals, and Management Support
  - Identify required alignment to established standard(s) (PCI, HIPAA, ISO, NIST, etc.)
  - Reference to other supporting IRR documents (Policy, Standards, Procedures, etc.)
  - Incident Response Plan Approvals and Revision Dates

ITEM 2: Teams and Contacts
  - Response Team Membership - Contact info
  - Incident Alert Hotlines
  - Incident Response Roles and Responsibilities
  - Incident Response Experts, Legal Authorities, Legal Counsel, Interested and Connected Parties

ITEM 3: Establish Definitions
  - Security Event
  - Incident
  - Breach

ITEM 4: Identify Phases of the Incident Response Lifecycle
  - Planning & Prevention – People, Process & Technology
  - Alerting – The method to report an incident
  - Triage – Determine between an event and an incident
  - Investigation – Identify the scope & source of incident
  - Containment – Prevent the spread of damage
  - Eradication – Remove the source of incident
  - Recovery – Restore systems to secure operations
  - Lessons Learned – Eliminate the root cause

ITEM 5: Detail Phases of IR Lifecycle
Include for each phase:
  - Description of Phase
  - Detailed Guidance/Checklist
  - Flow Diagram
  - References to Forms Used

ITEM 6: Obligation Notification/Communication Plan
  - Identification of Notification Requirements
  - Determine incident scenarios (Breach Unlikely, Breach, Contained Disclosure, etc.)
  - Per Scenario: Who, What, When, Why, What Message, How, Who is authorized to send
  - Template for: Internal Communications, Breach Notification Letter & Press Release

ITEM 7: Establish Status Internal Team Communications Plan
  - Establish Mechanism for Communication
  - Define Schedule for Status Updates

ITEM 8: Incident Response Forms:
  - Observations and Actions Log
  - Inventory of Impacted Assets
  - Incident Classification Worksheet
  - Impact Analysis Worksheet
  - Third Parties Contacted Log
  - Chain of Custody Form
  - Root Cause Analysis Form
  - Internal Investigation Form
  - Status Meeting Minutes
  - Response Approach Worksheet

ITEM 9: Continuous Improvement Procedures
  - Updating the Incident Response Plan
  - Approval Procedures for the Incident Response Plan

ITEM 10: Include Scenario Run Books for specific types of Incidents

ITEM 11: Include a Glossary and Definitions

ITEM 12: Align to other Requirements:
  - Include Requirements from your industry
  - Include Requirements from your internal policies
  - Refer to Information aligning to your company processes
  - Payment Brand Specific activities (PCI DSS)

NON-EMERGENCY: 847-221-0200
EMERGENCY RESPONSE HOTLINE: 800-925-0559
WWW.HALOCK.COM
