Incident Response Policy Template v1.0
Date:
Incident Response Policy Template
Document Control
Document Title: Incident Response Policy Template
Document ID:
Version: 0.1
Status: Draft
Publish Date:
Document Review
Version No.    Date    Reviewer(s)    Remarks
Table of Contents
1. Objective
2. Scope
3. Policy
4. Policy Enforcement
1. Objective
2. Scope
3. Policy
3.1.1 <entity name> must understand and be aware of the types of data security
incidents, which include but are not limited to:
Denial of service.
Unforeseen circumstances.
Human errors.
Adversary attacks.
3.1.2 An Incident Handling Team (IHT) must be identified, along with its roles and
responsibilities.
3.1.6 Incident Response policy and procedures must be reviewed and updated.
3.1.8 All types of incidents arising from various resources must be reported and
managed similarly.
3.1.9 Incident Scenario sessions must be conducted periodically for the IHT to ensure
a clear understanding of current threats and risk.
3.2.1 All information users are responsible for reporting actual, suspected,
threatened or potential cyber security incidents and for assisting with
investigations as required.
3.2.3 Management personnel are responsible for ensuring that employees act in
compliance with this policy and assist with investigations as required.
3.2.4 The directors will be responsible for overseeing management of the breach
in accordance with the Incident Response Plan. Suitable delegation may be
appropriate in some circumstances.
Reportable incidents.
3.3.3 The unauthorized disclosure and modification of the plan must be prevented.
3.4.1 <entity name>’s management should respond quickly and identify the data
classification of the incident, to allow a timely incident response.
3.4.2 Classification is requested for all reported incidents to assess the risk and
mitigation strategies.
a. Public Data: Information that can be made public or is intended for public
use without any negative impact on <entity name>.
3.5.2 A formal report must be filled out with details of the security incident, including
who is reporting the incident and what data classification is involved. The
incident must be reported to related personnel only, to prevent sensitive data
disclosure.
3.6.2 The data breaches and incident classification should be applied as follows:
a. Critical/Major Breach or Incident: Breaches or incidents that deal with
confidential information on a large scale, where the risk to <entity name> is
high.
All security incidents shall have a complete risk and scope analysis by the
<Insert Appropriate Role> and must be documented and shared with
relevant stakeholders.
All moderately critical or critical security incidents must have a post-incident
analysis done by the <Insert Appropriate Role> for appropriate
documentation, analysis and recommendations on ways to limit risk and
future exposure.
4. Policy Enforcement
4.1 Policy document sponsor and owner: <Head of Cyber Security Department>.
4.3 Any violation of this policy may subject the offender to disciplinary action as per
the procedures followed in <entity name>.