A cyber incident response plan should include procedures for categorizing incidents based on their nature and severity, identifying and prioritizing incidents from initial alerts, isolating and containing incidents to limit their impact, eradicating threats and recovering systems, communicating with relevant stakeholders, and reviewing incidents to improve the plan. The plan needs to enable quick reaction to prevent cyber attacks from causing major impacts.

1. X
WHAT TO INCLUDE
IN A CYBER INCIDENT
RESPONSE PLAN?
A well tested
plan is critical to
enable you to
react quickly and
prevent or limit
the impact of a
cyber-attack.

2. PREPARE
AND
PREVENT
01 / 06
Categorise the types
of incidents you face
and detail yourspecific
responses bythe nature
and severity of an
incident.

3. IDENTIFY
02 / 06
From the initial alert,
you need to verify,
classify and prioritise.
Decide whether you
prefer to escalate
quickly orverify more
thoroughly.

4. ISOLATE
AND
CONTAIN
03 / 06
Isolation and con-
tainment are critical
to limiting impact.
Fast action here
reduces remedial
work needed later to
eradicate and recover.

5. RECTIFY
(ERADICATE
& RECOVER)
04 / 06
When the threat has
been contained, you
can begin dealing
with the incident,
first by eradicating
the threat and then
recovering systems.

6. COMMUNICATE
05 / 06
Effective
communication
speaking to the
right people
using the right
channels.
Stakeholders
include employees,
customers, insur-
ance providers

7. REVIEW
AND
IMPROVE
06 / 06
Review every incident
as soon as possible
after the breach.
Take lessons
learned and make
improvements.