Cyber Incident Response Tracker
Incident Details
Responder Name
First Responder Name
Responding Organization
Customer Organization
Incident ID
Created At
Status
DRAFT
RELEASE
Incident Status
Initial
In Progress
Monitoring
Closed
Traffic Light Protocol
CLEAR
GREEN
AMBER
RED
Category
Malware
Phishing
Intrusion
Data Theft
Data Loss
Device Theft
Device Loss
Unacceptable Computer Use
Suspected Insider Criminal Activity
Other
Incident Progress
preparation
Establish incident response team
Define roles and responsibilities
Set up communication channels
Review insider threat policies
Advise Customer/Business to contact Legal/Insurance/Law Enforcement/Country CERT as they consider appropriate
Advise that the activities here are not legal advice
Advise the Customer/Business is responsible for its decision making and actions
Notes
Next Actions
identification
Detect incident via monitoring systems
Classify incident type (e.g., malware, insider threat)
Collect initial evidence (logs, alerts)
Interview potential insider threat suspects
Analyze user behavior for anomalies
Notes
Next Actions
containment
Isolate affected systems
Implement short-term containment measures
Preserve evidence for forensics
Restrict insider access to sensitive systems
Notes
Next Actions
eradication
Remove malware or malicious artifacts
Patch vulnerabilities
Reset compromised credentials
Conduct deep forensic analysis for insider actions
Notes
Next Actions
intel sharing
Share with Private Intel Sharing
Share with Country CERT
Share with Public
Share with Law Enforcement
Notes
Next Actions
recovery
Restore systems from backups
Validate system integrity
Monitor for recurrence
Reintegrate employees after clearance
Notes
Next Actions
lessons learned
Document incident findings
Update incident response plan
Conduct team debrief
Enhance insider threat training
Notes
Next Actions
Incident Close Down
Save Evidence if required
Create report if required
Secure Erase investigation equipment
Customer Sign Off
Notes
Next Actions
Recommendations
Recommendations (one per line)
Tracking Log
No actions logged.