
Incident Response Planning: A Checklist for Your Business

Posted: Dec 2021

Responding quickly to a cyber-attack is a business-critical capability, given how persistent and sophisticated threats have become.

Not only does having an incident-response plan already in place make mitigating an attack easier, but it’s also necessary from an operational standpoint to get everyone on board when the time for action arrives. Honestly, it’s not a question of if; it’s a question of when you’ll need to rely on the plan.

Unfortunately, many businesses don’t bother to make an incident-response plan at all until it’s already too late to minimize the damage. You can certainly write an incident response plan after the fact; however, it’s far more cost-effective to spend the time and resources upfront to create a proper plan than to fall back on a weak, reactive posture.

So, to show you where to start, here’s a reminder about cyber security incident response best practices and tips on what to include in your tabletop incident response workshops.

Incident response checklist – Preparation, detection, containment, and post-incident activity

The simple definition of an incident response plan is a set of instructions designed to help your company prepare for, detect, respond to, and recover from network security incidents. Most incident response plans are technology-centric and address issues like malware detection, data theft, and service outages.

No matter what the threat ultimately is, the idea is for the response plan to be a straightforward assessment of what to do next. Every team member should also know what their role is and what they are accountable for. The good news is that the NIST Cybersecurity Framework specifies the basics of an incident response plan, including:

  1. Preparation
  2. Detection (including a thorough analysis)
  3. Containment
  4. Post-incident activity

The bad news is that NIST says little about how to test whether your response plan is sufficient. Without a tabletop exercise or a workshop, you can’t tell whether you have covered every angle, and that’s especially true when planning how to respond to a zero-day threat.

Hackers, and the malware authors whose tools they use, are tirelessly looking for creative ways to attack, so shouldn’t your workshops be just as creative?

7 must-have scenarios for cyber security tabletop exercises

At a minimum, your workshop should cover hypothetical situations like:

  1. Unplanned downtime
  2. Insider attacks
  3. Hacktivism
  4. Data breaches
  5. Intellectual property theft
  6. Ransomware
  7. Advanced persistent threats (e.g., nation-state actors)

While the subject matter is absolutely nothing to laugh about, it’s OK to have a little fun during the tabletop exercise and throw the team a few curveballs. One quick win is to combine two scenarios in one to test your team’s preparedness to lash together solutions off the cuff and stay agile.

In the end, no matter how you plan for a cyber security incident, hackers will always find ways to get around even the most sophisticated protections, which is why you need a clear plan ahead of time before it’s too late.

Connect with us to learn more about how our team of experts can assist your organization with cyber security and incident response planning.
