ACSC-Cyber-Incident-Response-Plan-Template
CYBER INCIDENT RESPONSE PLAN TEMPLATE
cyber.gov.au
Cyber Incident Response Plan | Template
Table of Contents
1. Authority and Review
2. Purpose and Objectives
3. Standards and Frameworks
4. High Level Incident Response Process
5. Common Security Incidents and Responses
5.1. Common Threat Vectors
5.2. Common Cyber Incidents
6. Roles and Responsibilities
6.1. Points of Contact for Reporting Cyber Incidents
6.2. Cyber Incident Response Team (CIRT)
6.3. Senior Executive Management Team (SEMT)
6.4. Roles and Relationships
7. Communications
7.1. Internal Communications
7.2. External Communications
8. Supporting Procedures and Playbooks
8.1. Supporting Standard Operating Procedures (SOPs)
8.2. Supporting Playbooks
9. Sector, Jurisdictional and National Incident Response Arrangements
9.1. Sector Arrangements
9.2. Jurisdictional Arrangements
9.3. National Arrangements
10. Incident Notification and Reporting
10.1. Legal and Regulatory Requirements
10.2. Insurance
INCIDENT RESPONSE PROCESS
11. Detection, Investigation, Analysis and Activation
11.1. Incident Classification
11.2. Cyber Incident Response Team (CIRT) Activation
11.3. Investigation Questions
11.4. Escalation and De-escalation
12. Containment, Evidence Collection & Remediation
12.1. Containment
12.2. Documentation
12.3. Evidence Collection and Preservation
12.4. Remediation Action Plan
13. Recovery
13.1. Stand Down
14. Learn and Improve
14.1. Post Incident Review
14.2. Update and Test Cyber Incident Response Plan
14.3. Training
APPENDICES
Terminology and Definitions
Cyber Incident Response Readiness Checklist
ACSC Incident Triage Questions
Situation Report Template
Incident Log Template
Evidence Register Template
Remediation Action Plan Template
Post Incident Review Analysis Template
Action Register Template
Role Cards
ACSC Incident Categorisation Matrix 2022
1. Authority and Review
Document Control and Review
Document Control: Author; Owner; Date created; Last reviewed by; Last date reviewed; Endorsed by and date; Next review due date
Version Control: Version; Date of Approval; Approved By; Description of Change
2. Purpose and Objectives
Purpose of the CIRP
Objectives of the CIRP
1.
2.
3.
4.
3. Standards and Frameworks
4. High Level Incident Response Process