Cyber Incident Response Tracker

Incident Progress

Preparation

  • Establish incident response team
  • Define roles and responsibilities
  • Set up communication channels
  • Review insider threat policies
  • Advise the Customer/Business to engage Legal, Insurance, Law Enforcement and the Country CERT as they judge appropriate
  • Advise that the activities tracked here are not legal advice
  • Advise that the Customer/Business remains responsible for its own decisions and actions

Identification

  • Detect incident via monitoring systems
  • Classify incident type (e.g., malware, insider threat)
  • Collect initial evidence (logs, alerts)
  • Interview potential insider threat suspects (coordinate with HR and Legal first, and only after evidence has been preserved, so the subject is not tipped off before containment)
  • Analyze user behavior for anomalies

Containment

  • Isolate affected systems
  • Implement short-term containment measures
  • Preserve evidence for forensics: where feasible capture volatile data (memory, network connections, running processes) before isolating a host, hash every image and log, and record who collected what and when
  • Restrict insider access to sensitive systems

Eradication

  • Remove malware or malicious artifacts
  • Patch vulnerabilities
  • Reset compromised credentials and revoke the sessions, tokens and API keys tied to them
  • Conduct deep forensic analysis for insider actions

Intel Sharing

  • Share indicators with the private intel-sharing groups the Customer/Business belongs to
  • Share with the Country CERT
  • Share with the public only what the Customer/Business has approved for release, and only once containment is confirmed
  • Share with Law Enforcement

Recovery

  • Restore systems from backups verified to predate the compromise
  • Validate system integrity
  • Monitor for recurrence
  • Reintegrate employees after clearance

Lessons Learned

  • Document incident findings
  • Update incident response plan
  • Conduct team debrief
  • Enhance insider threat training

Incident Close Down

  • Retain evidence as required by legal, insurance and data-retention obligations
  • Create a report if required
  • Securely erase investigation equipment
  • Customer Sign Off
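The containment step "Preserve evidence for forensics" and the close-down step on retaining evidence both depend on being able to show later that neither the evidence nor the record of who handled it was altered after the fact. The Python script below is an added example, not part of this tracker or of any vendor tooling: it keeps an append-only, hash-chained log of analyst actions across the phases above, stores SHA-256 digests of evidence items rather than the items themselves, and verifies the chain. The host names, analyst names, timestamps and evidence bytes are constructed for the example.

```python
"""Tamper-evident incident tracking log with evidence fingerprints.

Added example: each logged action carries SHA-256 digests of the evidence it
touched and the hash of the previous entry, so any later edit to an entry
(or removal of one) breaks the chain and is reported by verify().
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(entry: dict) -> bytes:
    """Stable serialisation so the same entry always hashes the same way."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode("utf-8")


class TrackingLog:
    def __init__(self):
        self.entries = []

    def add(self, phase, action, analyst, evidence=(), when=None):
        """Append one action. `evidence` is (name, bytes) pairs; only their
        digests are stored, so the log never holds sensitive content itself."""
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        ts = (when or datetime.now(timezone.utc)).isoformat()
        entry = {
            "seq": len(self.entries),
            "timestamp": ts,
            "phase": phase,
            "action": action,
            "analyst": analyst,
            "evidence": [{"name": n, "sha256": sha256_hex(b)} for n, b in evidence],
            "prev_hash": prev,
        }
        entry["entry_hash"] = sha256_hex(canonical(entry))
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify(self):
        """(True, count) if the chain is intact, else (False, seq of first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.get("seq") != i or e.get("prev_hash") != prev:
                return False, i
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if sha256_hex(canonical(body)) != e["entry_hash"]:
                return False, i
            prev = e["entry_hash"]
        return True, len(self.entries)


# Constructed sample evidence; these are not real artefacts.
SAMPLE_AUTH_LOG = b"2024-03-01T02:14:09Z sshd[812]: Accepted publickey for svc_backup from 10.0.4.23\n"
SAMPLE_MEMORY_IMAGE = bytes(range(256)) * 4  # stand-in for a memory capture


def build_sample_log():
    """Three constructed actions from the Identification and Containment phases."""
    t0 = datetime(2024, 3, 1, 2, 30, tzinfo=timezone.utc)
    log = TrackingLog()
    log.add("identification", "Collected auth log from host db-01", "analyst_a",
            evidence=[("db-01_auth.log", SAMPLE_AUTH_LOG)], when=t0)
    log.add("containment", "Captured memory of db-01 before isolating it", "analyst_a",
            evidence=[("db-01.mem", SAMPLE_MEMORY_IMAGE)], when=t0.replace(minute=41))
    log.add("containment", "Isolated db-01 from the network (switch port disabled)", "analyst_b",
            when=t0.replace(minute=43))
    return log


def tamper_and_verify():
    """Rewrite an earlier entry after the fact and report where verify() catches it."""
    log = build_sample_log()
    log.entries[1]["action"] = "Isolated db-01 first, then captured memory"
    plain = log.verify()  # entry 1's digest no longer matches -> (False, 1)
    # Re-hashing the edited entry does not help: entry 2's prev_hash now mismatches.
    body = {k: v for k, v in log.entries[1].items() if k != "entry_hash"}
    log.entries[1]["entry_hash"] = sha256_hex(canonical(body))
    rehashed = log.verify()  # -> (False, 2)
    return plain, rehashed


if __name__ == "__main__":
    print("chain intact:", build_sample_log().verify())   # (True, 3)
    print("after tampering:", tamper_and_verify())        # ((False, 1), (False, 2))
```

The chain only proves that the log was not edited in place; someone with write access could still regenerate the whole log from scratch. To close that gap, copy each new entry_hash to a place the investigation team cannot rewrite (the case ticket, a signed email to the Customer, or write-once storage) at the time the action is logged.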
