Recommended Reading

The following resources provide substantial background on the cyber incident response process.

CISA: Cybersecurity Incident & Vulnerability Response Playbooks 1

Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems.

When to use this playbook

Use this playbook for incidents that involve confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out.

NIST: Computer Security Incident Handling Guide 2

This document has been created for computer security incident response teams (CSIRTs), system and network administrators, security staff, technical support staff, chief information officers (CIOs), computer security program managers, and others who are responsible for preparing for, or responding to, security incidents.

CERT SG: UNIX/LINUX Intrusion Detection 3

A cheat sheet dedicated to handlers investigating a precise security issue.

Who should use IRM sheets

  • Administrators
  • Security Operation Center
  • CISOs and deputies
  • CERTs