In the dynamic landscape of today's digital world, incidents and emergencies are inevitable. Whether it's a cybersecurity breach, system outage, or any other unexpected event, organizations need a structured approach to effectively respond and mitigate the impact.
For Move Work Forward, a company that works fully remotely and asynchronously, documentation is a key part of our internal communication. On our journey to SOC 2 Type II compliance we needed to streamline our Security Incident Response, and after failing to find a template that fit our requirements, we decided as a team to create one.
We use this template to report security incidents internally. It saves time and makes the actions taken during the process documented, repeatable and predictable.
Table of Contents
- Summary
- Severity
- P3/P4 - Low and Medium Severity
- P2 - High Severity
- P1 - Critical Severity
- Triage and analysis
- Investigation
- Containment & neutralization (short-term/triage)
- Recovery & vulnerability remediation
- Hardening & Detection improvements (lessons learned, long-term response)
Summary
Severity: <P1/P2/P3/P4>
Severity
Product(s) affected: <the product(s) names>
Incident owner: <mention the owner, usually CSO or QA Lead>
Jira ticket: <insert a link to the ticket>
Microsoft Teams channel: <insert a link to the Microsoft Teams channel>
Team involved: <mention people involved>
Incident started: <UTC Time>
Incident closed: <UTC Time>
Incident response process: Incident Response Plan | Incident Response Process
Triage and analysis
Insert the details of the incident here.
Investigation
Perform investigative Q&A
Document new Indicators of Compromise (IOCs: artifacts such as IP addresses, domains, file hashes or log patterns that indicate a system may have been compromised; they give the security team concrete evidence to search for across other systems after a breach).
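One way to turn the IOCs collected during the investigation into something the team can reuse immediately is to keep them in a normalised list and scan log exports for exact matches, recording the first UTC timestamp seen so it can go straight into the "Incident started" field. The script below is an added example written for this post, not part of the Move Work Forward template or any tooling it describes; the IOC values, log lines and the assumption that every log line starts with an ISO-8601 UTC timestamp are all constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample IOCs for illustration only. They use reserved values
# (RFC 5737 TEST-NET-3, the reserved .example TLD, the SHA-256 of an empty
# file), not indicators from any real incident.
SAMPLE_IOCS = {
    "ipv4": ["203.0.113.45"],
    "domain": ["Update-CDN.example"],
    "sha256": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
}

# Constructed proxy- and EDR-style log lines; not real logs.
SAMPLE_LOGS = [
    "2024-05-02T09:14:03Z proxy src=10.0.4.12 dst=203.0.113.45 host=update-cdn.example status=200",
    "2024-05-02T09:14:05Z edr host=laptop-17 event=file_create "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-05-02T09:20:41Z proxy src=10.0.4.9 dst=198.51.100.7 host=intranet.example status=200",
]

# Assumption: each line begins with an ISO-8601 UTC timestamp ("...Z").
_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\b")
_TOKEN_RE = re.compile(r"[A-Za-z0-9._-]+")


def normalize_ioc(kind: str, value: str) -> str:
    """Validate one IOC and return its canonical form so comparisons are exact.

    Raises ValueError on malformed input, which keeps typos out of the record.
    """
    value = value.strip()
    if kind == "ipv4":
        return str(ipaddress.IPv4Address(value))  # raises ValueError on junk
    if kind == "domain":
        value = value.lower().rstrip(".")
        if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", value):
            raise ValueError(f"not a domain: {value}")
        return value
    if kind == "sha256":
        if not re.fullmatch(r"[0-9a-fA-F]{64}", value):
            raise ValueError(f"not a SHA-256 hex digest: {value}")
        return value.lower()
    raise ValueError(f"unsupported IOC type: {kind}")


def is_valid_ioc(kind: str, value: str) -> bool:
    """True when normalize_ioc accepts the value; handy for input validation."""
    try:
        normalize_ioc(kind, value)
        return True
    except ValueError:
        return False


def scan_logs(iocs: dict, logs: list) -> list:
    """Return one record per (IOC, log line) hit.

    Lines are split into tokens and compared token-for-token, so an IOC of
    203.0.113.4 does not match a line containing 203.0.113.45 the way a
    naive substring search would.
    """
    wanted = {(kind, normalize_ioc(kind, v)) for kind, vals in iocs.items() for v in vals}
    hits = []
    for line in logs:
        m = _TS_RE.match(line)
        ts = None
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        tokens = {t.lower().rstrip(".") for t in _TOKEN_RE.findall(line)}
        for kind, ioc in wanted:
            if ioc in tokens:
                hits.append({"type": kind, "ioc": ioc, "timestamp": ts, "line": line})
    return hits


def first_seen(hits: list):
    """Earliest UTC timestamp among the hits, for the 'Incident started' field."""
    stamps = [h["timestamp"] for h in hits if h["timestamp"] is not None]
    return min(stamps) if stamps else None


if __name__ == "__main__":
    found = scan_logs(SAMPLE_IOCS, SAMPLE_LOGS)
    for h in found:
        print(f"{h['type']:7} {h['ioc']}  {h['timestamp'].isoformat()}")
    print("Incident started (UTC):", first_seen(found))
```

Normalising before matching matters in practice: the EDR line carries the hash in upper case and the IOC list has the domain in mixed case, and without canonical forms both would be missed. Timestamps are kept timezone-aware so the value copied into the report is unambiguous UTC, matching the template's "Incident started" and "Incident closed" fields.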
Containment & Neutralization (short-term/triage)
Short-term actions taken to contain the incident.
Recovery & Vulnerability Remediation
External Reporting / Breach Reporting
Hardening & Detection Improvements (lessons learned, long-term response)
Plan long-term mitigations.
Document Root Cause Analysis (RCA).
Additional items as needed.
Working with this template, your team can streamline its incident management process, ensuring a swift and efficient response to incidents such as cybersecurity breaches or system outages. We hope you find this helpful.