Building Incident Response (IR) teams and conducting IR investigations is a core competency of ours. Having conducted thousands of IR cases for law enforcement, the federal government, private companies, and national security programs, we created these documents out of real-world use cases. These documents have been used as part of IR programs globally, have been through countless audits and assessments, and meet best practices and standards such as NIST, the CIS Critical Security Controls, ISO, SOC, and others.
Beyond our years of experience, Natsar has the education and certifications to match our real-world experience. This ensures our materials are rooted in the right balance of academic excellence and practical experience. Some of our education and training relative to IR includes:
- Master’s of Science in Information Security and Assurance
- Certified Information Systems Security Professional (CISSP)
- SANS Global Information Assurance Certification (GIAC) Certified Intrusion Analyst (GCIA)
- SANS Global Information Assurance Certification (GIAC) Certified Computer Forensic Analyst (GCFA)
- SANS Global Information Assurance Certification (GIAC) iOS and MacOS Examiner (GIME)
- EC-Council Certified Hacking Forensic Investigator (CHFI)
Developing an entire IR Program from scratch is a significant undertaking and many organizations lack the resources to develop a robust IR plan, policy, and related documents that have been battle-tested and proven. Don’t spend tens of thousands of dollars on consultants or staff time to develop a program for you when you can start with our documents and with a little customization, have a documented IR program that will meet standards and best practices.
This IR Program in a box contains an organization-wide policy to ensure executive sponsorship, a well-detailed 23-page IR Plan, and multiple checklists, report forms, and templates designed to assist during tabletop exercises and actual IR cases.
Each policy, procedure, form, or template that we provide was updated in 2022 to ensure conformance with the most up-to-date best practices and standards. The documents are all written in formats that you will have full access to edit and customize (Word, Excel, or PowerPoint).
You can purchase our documents individually or save money by purchasing the entire package of incident response documents. For any document(s) you purchase, you will be entitled to any update for one-year after the purchase date.
We will soon be adding an on-demand course for developing an IR program using these documents. When that course is available, it will be possible to bundle the documents with the course. If you would like to be notified when that course is published, click the button below.
- Incident Response Organizational Policy
- Incident Response Plan
- Executive Briefing Presentation Template (PowerPoint)
- Incident Response Report Template
- Supplemental IR Report Template
- Incident Response Overview Sheet
- Incident Response Collection List – Rapid Forensic Triage
- Incident Response Collection List – Log Analysis
- Incident Response Sign-in Sheet
- Incident Response Checklist – Postmortem Review
- Incident Response Checklist – Responding Offsite
- Incident Response Checklist – Public/Media Relations
- Incident Response Checklist – Communication Log
- Incident Response Checklist – Communications
- Incident Response Checklist – CIRT Lead
- Incident Response – Tracker of Affected Hosts