Cybersecurity Incident Response Program Bundle



It takes considerable time, effort, and experience to build or enhance a cybersecurity incident response program. Leverage Natsar’s extensive experience in this area and accelerate the building and maturity of your IR program. This bundle contains everything needed to get the program off the ground and be compliant with best practices such as NIST, CIS Critical Security Controls, ISO, SOC, and others. You can purchase these documents separately, or save 15% when bundling these documents together.


This bundle includes everything you need to implement a cybersecurity incident response program at an organization, including a 23-page Incident Response Plan based on the NIST Cybersecurity Framework, an organizational policy document, and multiple templates, forms, and checklists (17 in total) that are customizable to meet your specific needs.





Cybersecurity Incident Response Policy

This customizable Word document is a policy for organizations to document their Incident Response (IR) program. The 7-page policy covers topics including the purpose and scope of the policy, key definitions, important roles and responsibilities, and tabletop exercises, and is intended to be the high-level implementation document for an organization's IR Plan (also available from Natsar).


Cybersecurity Incident Response Plan

This 23-page customizable Word document is a complete Incident Response (IR) plan for an organization and is based on the NIST Cybersecurity Framework. This plan has been used across the country and for multiple organizations with great success and meets standards and best practices including NIST, CIS Critical Security Controls, ISO, and others.


Cybersecurity Incident Response Report Template

Formally documenting a cybersecurity incident response investigation can be just as important as the technical IR response itself and can be invaluable in cases that involve insider threats, misconduct, or cybercrime where some legal action may be taken. This report template has all of the necessary sections that should be completed when documenting an IR case.


Executive Briefing Slides for Cybersecurity Incident

Once a cyberattack occurs and an incident is declared, questions are going to start coming from every direction. This briefing template has been used successfully for executives and boards to keep them updated on incident response activities. This 8-slide presentation in PowerPoint format is part of a larger collection of Incident Response materials and may be purchased from Natsar as part of a bundle, or individually. This slide deck provides some guidance for an IR team on what they should be prepared to answer and information to include.


Cybersecurity Incident Response Supplemental Report Template

Often a cyber incident response case requires more than one report as evidence is analyzed and new facts become available, which necessitates writing a supplemental report. This report template matches the initial IR report template also available and allows IR analysts to document new information since the filing of an initial report.


Cybersecurity Incident Response Overview Sheet

Details matter during a cyberattack and incident response activities need to be captured. This document helps an IR team keep track of key events during an incident such as when the incident was first discovered, who declared it an incident, what individuals were assigned certain tasks, containment and mitigation actions, and information on the scope of the incident.


Cybersecurity Incident Response Checklist - CIRT Lead

There is a lot to think about during any cybersecurity incident response, especially if you are leading the response. This checklist assists the team leader by reminding them of critical steps that need to be accomplished during the response activities to help ensure a successful outcome.


Cybersecurity Incident Response Checklist - Communications

In the midst of a cyberattack is not the time to determine who must be notified of incident response activities. This checklist will help you identify who should be notified and when and also track when those notifications have been made.


Cybersecurity Incident Response Checklist - Incident Communication Log

During a cyberattack and incident response, there are a lot of communications occurring internally and externally that need to be tracked, such as media inquiries, executive notifications, and communications with law enforcement or regulatory bodies. This form helps you keep track of these communications.


Cybersecurity Incident Response Checklist - Public / Media Relations

A cyberattack is stressful enough, and dealing with media and public inquiries can add an entirely new level of stress to a situation, especially if you are not prepared. This checklist is designed to help cybersecurity incident response teams keep track of media points of contact, inquiries received, statements given, and tips on what should and should not be discussed.


Cybersecurity Incident Response Checklist - Responding Offsite

Your cybersecurity incident response team may need to respond to another location such as a branch office or to assist another entity. This checklist is designed to be sent ahead of the CIRT to ensure as much as possible is ready for them when they arrive, expediting the IR process. Does the location have conference rooms, phones, data connections, a white board? These and many other questions will help an IR team make sure that the location is prepared for them prior to arrival.


Cybersecurity Incident Response Checklist - Postmortem

At the conclusion of a cyberattack and incident response, it is always recommended to conduct a postmortem review and after action report (AAR) to capture what went well and opportunities for improvement. This document will help IR teams focus on key topics to cover during the postmortem debriefing.


Cybersecurity Incident Response Collection List - Log Analysis

Log files are one of the most valuable sources of information during a cybersecurity incident response investigation and knowing what log files to get (or what is available) may be challenging. This checklist can be given to IT staff and external managed service providers to obtain logs requested by the IR team.


Cybersecurity Incident Response Collection List - Rapid Forensic Triage

Evidence is volatile and knowing what to collect and in what order to collect it during a cybersecurity incident response investigation is critically important to a successful outcome. This checklist assists staff with what data should be collected and the steps to take during the evidence collection process ranging from collecting system RAM and running processes, to capturing registry hives and event logs.


Cybersecurity Incident Response Sign-in Sheet

When an incident is declared and multiple individuals begin working on response and mitigation, it can be difficult to keep track of internal and external staff. This document is a simple way to track who is working the incident, their cell phone number, and the role they have been assigned.


Cybersecurity Incident Response - Tracker of Affected Hosts

When hosts are determined to be affected by a cyberattack, this simple yet effective spreadsheet keeps track of affected hosts and should be part of your cyber incident response documents.

Cybersecurity Incident Response Engagement Scoping Form

Whether you are a private company, nonprofit, law enforcement agency, or other government organization, you may provide incident response (IR) assistance to other organizations or business units. This scoping form allows an IR team to ask questions ahead of an engagement that will help scope the engagement, understand deployed technologies, understand the architecture, and capture other critical data points necessary for a successful IR engagement. This form will help you save time, reduce frustration, and increase effectiveness.
