Cyber Incident Response

Creating a cyber incident response plan

All organisations understand the disruptive impact that loss of service can have on the business.

Business continuity plans are a well-understood way to prepare for the disruptive impact of extreme weather events, fire or technology failure. Cyber attacks are an additional business risk, and organisations should plan for them like any other risk to the business.

It is essential that organisations have a clearly defined plan to prevent, detect, respond to and recover from cyber attacks, particularly the most common attacks.

Cyber Incident Response Pack

CyberScotland partner the Cyber and Fraud Centre – Scotland has created a Cyber Incident Response Pack containing documents to help your organisation plan its response to a cyber incident. The documents will complement any existing Incident Response Plan or assist you in creating one.

The Incident Response Pack contains

Creating a cyber incident response plan

The Small Business Guide to Response and Recovery provides small to medium sized organisations with guidance on how to prepare their response, and plan their recovery from a cyber incident.

Developing an incident response plan is a critical step towards preparing a robust and effective incident management and technical response capability.

This guide includes:

  • Preparing for incidents
  • Detecting an incident has occurred
  • Steps to resolve the incident
  • Reporting the incident to wider stakeholders
  • Learning from the incident

If you’re a larger business, or face greater impact from a cyber incident, then the Incident Management section of the NCSC 10 Step Guide can further help your cyber response. Board members should refer to the NCSC guidance on planning your response to cyber incidents.

Having an understanding of

  • what’s important to your business
  • why it’s important, and
  • what you are doing to protect it

will help you prioritise where you need the most protection.

Learn how to protect yourself or your small business or charity online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication, and get a free personalised list of actions that will help you improve your cyber security.

Testing your response arrangements

It is important to test your organisation’s incident response plan, in the same way you test out your health and safety or fire drills.

The best way to test your staff’s understanding of what’s required during an incident is through exercising.

The NCSC’s Exercise in a Box (EiaB) is an online tool which helps organisations find out how resilient they are to cyber attacks and helps them practise their response. The service provides exercises, based around the main cyber threats, which your organisation can undertake at times suitable for you. It includes everything you need for setting up, planning, delivery and review.

Introduction to the STOic TTX Facilitator training series.

The series is a comprehensive course in being an effective tabletop exercise facilitator and provides tips for any tabletop exercise facilitator as well as training specifically for the STOic approach.

Cyber Capability Toolkit

The Cyber Capability Toolkit has been created to support Public Sector organisations to better manage their cyber incident response.

The Toolkit contains:

  • A Model Incident Response Plan template
  • A set of Playbooks covering Denial of Service, Malware, Data loss, Phishing and Ransomware attacks
  • A Cyber Incident Assessment tool designed to provide high-level insight into the organisation’s maturity across a range of related incident management controls

The Cyber Capability Toolkit will be subject to constant review and its contents are to be regarded as live documents, building on good practice, lessons from exercises and incidents, and feedback from public sector bodies.

Exercise in a box

Exercise in a box is an NCSC online tool which helps organisations find out how resilient they are to cyber attacks and helps them practise their response. The service provides exercises, based around the main cyber threats which your organisation […]

Incident Management

The NCSC defines a cyber security incident as:

  • A breach of a system’s security policy in order to affect its integrity or availability
  • The unauthorised access or attempted access to a system

Cyber incidents can take many forms, such as […]

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you of all cyber attacks detected by the feed suppliers against your organisation and is designed to complement your existing […]
