This document discusses Virgin Australia's implementation of an Incident Command System (ICS) for cyber incident response. The ICS draws from FEMA's National Incident Management System and the UK's Gold-Silver-Bronze Command Structure to provide a flexible framework that integrates with existing incident response plans. Key roles in the ICS include the CIO as Gold Commander for strategic coordination, the Head of Infosec as Silver Commander for operational command and control, and the Cyber Security Operations Leader as Bronze Commander for tactical response execution. Tabletop exercises revealed lessons like not exposing the ICS terminology externally and rigorously testing integration before full implementation.