Bixal Solutions Incident Response Procedure Checklist#

This is a short, actionable checklist for the Incident Commander (IC) and Responders to follow during incident response. It's a companion to the Incident Response Plan where you can find the full details of each step.

Step 1: Breathe#


There is often overlap between these two roles, especially at the beginning of an incident response.

Incident Commander (IC)#



At this point, the Incident Commander (aka the first Responder) is usually working alone:


The Responders (more than one is OK) work to:

The Incident Commander:


The Responders work to determine cause, find resolution and return the system(s) to normal operations.

The Incident Commander coordinates activity:

Once the incident is resolved:

Special situations#

Extra checklists for special situations that don't always occur during incidents:

False Alarm#

Follow this checklist if an event turns out not to be a security incident:

Handing off IC#

Follow this checklist if you need to hand over IC duties:

Edit on GitHub

Documentation built with MkDocs using a modified Windmill Dark theme