IT Security Incident Response Plan

A lean workflow for fast incident response
1. Introduction:
2. Diagnose:
3. Select source of incident
4. Review Linux logs
5. Review Windows logs
6. Review network device logs
7. Review web server logs
8. Categorize incident information
9. Compile incident details
10. Notify:
11. Specify emergency contacts
12. Notify emergency contacts
13. Control:
14. Block attacker's IP(s)
15. Isolate affected systems
16. Back up affected systems
17. Detect and remove malware
18. Recover and analyze:
19. Patch targeted vulnerabilities
20. Restore from the most recent unaffected backup
21. Store details of the attack's attributes, sources, and affected systems
22. Plan to prevent a similar attack in the future
23. Sources:
24. Related checklists: