ACSC-Cyber-Incident-Response-Plan-Template.docx

School: Victorian Institute of Technology
Course: ITNE2005R
Subject: Information Systems
Date: May 18, 2024
Type: docx
Pages: 43

Uploaded by DukeMusicRook13 on coursehero.com

CYBER INCIDENT RESPONSE PLAN TEMPLATE
cyber.gov.au

Cyber Incident Response Plan | Template

Table of Contents

1. Authority and Review
2. Purpose and Objectives
3. Standards and Frameworks
4. High Level Incident Response Process
5. Common Security Incidents and Responses
    5.1. Common Threat Vectors
    5.2. Common Cyber Incidents
6. Roles and Responsibilities
    6.1. Points of Contact for Reporting Cyber Incidents
    6.2. Cyber Incident Response Team (CIRT)
    6.3. Senior Executive Management Team (SEMT)
    6.4. Roles and Relationships
7. Communications
    7.1. Internal Communications
    7.2. External Communications
8. Supporting Procedures and Playbooks
    8.1. Supporting Standard Operating Procedures (SOPs)
    8.2. Supporting Playbooks
9. Sector, Jurisdictional and National Incident Response Arrangements
    9.1. Sector Arrangements
    9.2. Jurisdictional Arrangements
    9.3. National Arrangements
10. Incident Notification and Reporting
    10.1. Legal and Regulatory Requirements
    10.2. Insurance

INCIDENT RESPONSE PROCESS

11. Detection, Investigation, Analysis and Activation
    11.1. Incident Classification
    11.2. Cyber Incident Response Team (CIRT) Activation
    11.3. Investigation Questions
    11.4. Escalation and De-escalation
12. Containment, Evidence Collection & Remediation
    12.1. Containment
    12.2. Documentation
    12.3. Evidence Collection and Preservation
    12.4. Remediation Action Plan
13. Recovery
    13.1. Stand Down
14. Learn and Improve
    14.1. Post Incident Review
    14.2. Update and Test Cyber Incident Response Plan
    14.3. Training

APPENDICES

Terminology and Definitions
Cyber Incident Response Readiness Checklist
ACSC Incident Triage Questions
Situation Report Template
Incident Log Template
Evidence Register Template
Remediation Action Plan Template
Post Incident Review Analysis Template
Action Register Template
Role Cards
ACSC Incident Categorisation Matrix 2022

1. Authority and Review

Document Control and Review

Document Control
    Author:
    Owner:
    Date created:
    Last reviewed by:
    Last date reviewed:
    Endorsed by and date:
    Next review due date:

Version Control
    Version | Date of Approval | Approved By | Description of Change

2. Purpose and Objectives

Purpose of the CIRP

Objectives of the CIRP
    1.
    2.
    3.
    4.

3. Standards and Frameworks

4. High Level Incident Response Process