Incident Response Planning Tools

Every organization needs an organized, practiced Incident Response Plan (IRP) in the event that it has to respond to a cyber incident. This plan comprises several components and involves many people inside and outside the organization. Having a plan in place, sharing it with those involved, and practicing it regularly are crucial to reducing the impact on the organization and speeding up the time to recovery. Below are some of the tools developed by MiSecure as well as other organizations. The MiSecure Task Force has 3 distinct tools that intentionally range from basic to comprehensive:

  • #1: basic, least time-consuming but most important information needed (crawl)
  • #2: thorough critical information needed (walk)
  • #3: comprehensive questions to guide the formation of a localized plan (run)

The following tool covers the most basic, important information an organization should have for a quick response. As an organization’s response skills grow, this document will likely become inadequate. It is designed to give an organization a place to begin by considering the most basic IRP questions.

Note: Clicking the button below will create a “preview” copy. If you want to make a copy to your own Google Drive, click “use template.” A non-interactive PDF version is also available for users without a Google account.

This tool provides a single source for all the critical information an organization needs to respond to a cyber incident effectively. It includes staff, internal resources, supporting organizations, locations of critical information, and more.

Note: Clicking the button below will create a “preview” copy. If you want to make a copy to your own Google Drive, click “use template.” A non-interactive PDF version is also available for users without a Google account.

How an organization responds to a cyber incident is unique to that organization and depends on the specific technology solutions in place and the tools available to combat the incident. There are, however, considerations and questions that all organizations will face at each stage. The following document is designed to help an organization develop specific steps for each stage: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

The following documents are examples from several other organizations and are provided to assist an organization in the development of its own comprehensive Incident Response Plan.

These resources can help a district conduct tabletop exercises.