How to Create Incident Response Playbooks |

How to Create IR Playbooks

Organisations usually face the same types of attacks, whether it be phishing, malware, DoS or suspicious activities. Responders actions can sometimes be inconsistent, adhoc and largely depend on a few individuals’ past experiences and knowledge, especially if no documented procedures exist.

Learn how to make incident response playbooks for you and your team to follow when an incident occurs and reduce the impact of a cyberattack.

Preparation is Key

“Be prepared!” as the old Scout motto says, means having well-thought-through instructions for what to do when a Cybersecurity incident occurs. Pre-made and well prepared playbooks enables your teams to be able to respond quicker, hopefully limiting any potential damage to the organisation or its customer’s data.

Your session will cover:

The steps to resolve a variety of incidents as quickly as possible
Experience multiple incidents and create playbooks for each type
Guidance on building out sub-processes according to best practice and your toolset
Recommendations for uplift in maturity for your people, processes and technology
Sets the foundations for teams to be able to respond, before moving to advanced exercises (e.g. tabletops, adversary emulations and purple teaming)

Key Features

Common playbooks covered

Guidance on the most appropriate playbooks for your organisation and industry
Be prepared!

Enables teams to be able to respond quickly to specific incidents that might occur
Step-by-step instructions

Determine your own steps for your teams to follow while under extreme pressure
Recover faster

Create your own documented processes to enable your organisation to recover sooner
Foundations for advanced topics

Prepares your teams for more advanced exercises (e.g. tabletops, adversary emulation)
Practice makes prepared

Regularly exercise your playbooks to ensure your teams are ready when the worst occurs