- AT&T – Insider’s Guide to Incident Response
This document discusses how to assemble and organize an incident response team, how to arm them and keep them focused on containing, investigating, responding to and recovering from security incidents.
- AT&T Cybersecurity – Incident Response Steps and Frameworks for SANS and NIST
Comparing SANS and NIST Incident Response Steps.
- Carnegie Mellon University – Incident Response Plan
This resource from CMU provides an example procedure for how to respond to information security incidents.
- CMU – Defining Computer Security Incident Response Teams
This article describes CSIRTs and their role in preventing, detecting, analyzing, and responding to computer security incidents.
- Comparitech – How to Create a Cyber Security Incident Response Plan for Your Organization
This article will discuss how to create a cybersecurity incident response plan for your organization based on NIST guidelines.
- CrowdStrike – What is Incident Response?
This article provides information on the elements and importance of an up-to-date IR Plan.
- Cyber Crowd – Why Root Cause Analysis is a Vital Part of Your Security Improvement Journey
This article describes why RCA is a necessary step in a company's cybersecurity evolution.
- Cybereason – Post Incident Review
This article examines the importance of post-incident reviews for security teams.
- Digital Guardian – Data Breach Experts Share The Most Important Next Step You Should Take After A Data Breach
This blog post provides insights from various industry experts on how to tackle a data breach and what happens afterwards.
- Exabeam – Incident Response Plan 101: The 6 Phases, Templates, and Examples
How to build an incident response plan around the 6 phases of incident response, examples to get you started, and a peek at incident response automation.
- Exabeam – Incident Response Steps: 6 Tips for Responding to Security Incidents
Specific incident response steps once a cybersecurity incident has been identified.
- Gartner – Listing of Security Information and Event Management Tool
A listing of SIEM tools provided by Gartner.
- Kroll – It’s Not If But When: How to Build Your Cyber Incident Response Plan
In this article, Kroll provides a high-level view of how to build an IRP and the types of questions you will want to address as you begin planning.
- NIST – Tips & Tactics: Control System Cybersecurity
Quick steps you can take now to PROTECT your control system.
- NIST SP 800-184 Guide for Cybersecurity Event Recovery
This NIST Special Publication focuses on providing plans and procedures to facilitate resuming normal business operations as quickly as possible during a cybersecurity event.
- NIST SP 800-53: IR-4(3) Incident Handling
NIST resource that defines incident handling requirements from event to incident declaration.
- NIST SP 800-53: IR-6 Incident Reporting
NIST resource that defines incident reporting requirements when reporting within the organization and external agencies.
- NIST SP 800-61 Computer Security Incident Handling Guide
This NIST Special Publication offers guidance for incident response by identifying best practices and other recommendations.
- NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
This guide from NIST discusses how important forensics can be for an organization during a cyber incident.
- PagerDuty – What is an incident postmortem?
This article discusses how to conduct incident postmortems, and why they're important.
- RSI Security – Best Practices for Testing of IR Plans
This article describes how to build and regularly test your IR plan.
- SANS Security Response Plan Policy
This is a policy template from SANS for incident response management.
- SANS Whitepaper – From Events to Incidents
This whitepaper from SANS provides basic nomenclature and examples for events and incidents.
- SANS Whitepaper – Incident Handler’s Handbook
This SANS whitepaper details procedural incident response steps, supplemented by tips and tricks for use on Windows and UNIX platforms.
- U.S. Election Assistance Commission – Cyber Incident Response Best Practices
This document provides an overview of items that election officials should take into consideration when developing cyber incident response policies and plans. Additionally, it provides usable checklists and other resources designed to help develop more in-depth procedures for implementing those policies and plans.
- US-CERT – CRR Supplemental Resource Guide, Volume 5: Incident Management
US-CERT resource that provides information on how to create, test and improve an Incident Management plan.