Incident Response Program Bundle



This includes all the documents necessary to start an Incident Response (IR) program that are based on best practices such as NIST, CIS Critical Security Controls, ISO, SOC, and others. Save 15% when bundling these documents together.



This bundle includes everything you need to implement a cybersecurity incident response program at an organization, including a 23-page Incident Response Plan written based on the NIST Cybersecurity Framework, an organizational policy document, and multiple templates, forms, and checklists (16 in total), all customizable to meet your specific needs.





Incident Response Policy

This customizable Word document is a policy for organizations to document their Incident Response (IR) program. The 7-page policy covers topics including the purpose and scope of the policy, key definitions, important roles and responsibilities, and tabletop exercises, and is intended to be the high-level implementation document for an organization's IR Plan (also available from Natsar).


Incident Response Plan

This 23-page customizable Word document is a complete Incident Response (IR) plan for an organization and is based on the NIST Cybersecurity Framework. This plan has been used across the country and for multiple organizations with great success and meets standards and best practices including NIST, CIS Critical Security Controls, ISO, and others.


Incident Response Report Template

Formally documenting an IR investigation can be just as important as the technical IR response itself and can be invaluable in cases that involve insider threats, misconduct, or cybercrime where some legal action may be taken. This report template has all of the necessary sections that should be completed when documenting an IR case.


Executive Briefing Slides for Incident Response

Once an incident is declared and notifications begin, organizational leadership will want regular status briefings. This slide deck provides some guidance for an IR team on what they should be prepared to answer and information to include.


Incident Response Supplemental Report Template

Often an IR case requires more than one report as evidence is analyzed and new facts become available, which necessitates writing a supplemental report. This report template matches the initial IR report template also available and allows IR analysts to document new information since the filing of an initial report.


Incident Response Overview Sheet

This document helps an IR team keep track of key events during an incident such as when the incident was first discovered, who declared it an incident, what individuals were assigned certain tasks, containment and mitigation actions, and information on the scope of the incident.


Incident Response Checklist - CIRT Lead

This checklist will assist individuals serving as CIRT Lead while responding to an incident.


Incident Response Checklist - Communications

This checklist will assist CIRT members in making the proper notifications and maintaining the checklist as an artifact of IR activities.


Incident Response Checklist - Incident Communication Log

This checklist is designed to help IR teams track communications specific to an incident. For example, media inquiries, requests for assistance to law enforcement or regulatory bodies, internal communications, etc.


Incident Response Checklist - Public / Media Relations

Dealing with media and public inquiries can be a stressful part of IR. This checklist is designed to help IR teams keep track of media points of contact, inquiries received, statements given, and tips on what should and should not be discussed.


Incident Response Checklist - Responding Offsite

Your IR team may need to respond to another location such as a branch office or to assist another entity. This checklist is designed to be sent ahead of the CIRT to ensure as much as possible is ready for them when they arrive, expediting the IR process.


Incident Response Checklist - Postmortem

Once an incident is over, it is always recommended to conduct a postmortem review and after-action report to capture what went well and opportunities for improvement. This document will help IR teams focus on key topics to cover during the postmortem debriefing.


Incident Response Collection List - Log Analysis

Log files are one of the most valuable sources of information during an IR investigation and knowing what log files to get (or what is available) may be challenging. This checklist can be given to IT staff and external managed service providers to obtain logs requested by the IR team.


Incident Response Collection List - Rapid Forensic Triage

Evidence is volatile and knowing what to collect and in what order to collect it during an IR investigation is critically important to a successful outcome. This checklist assists staff with what data should be collected and the steps to take during the evidence collection process ranging from collecting system RAM and running processes, to capturing registry hives and event logs.


Incident Response Sign-in Sheet

When an incident is declared and multiple individuals begin working on response and mitigation, it can be difficult to keep track of internal and external staff. This document is a simple way to track who is working the incident, their cell phone number, and the role they have been assigned.


Incident Response - Tracker of Affected Hosts

This free spreadsheet is an easy-to-use tracker of hosts that are determined to be impacted by a cyber incident and allows IR teams to keep track of response activities per host.
