6 phases - Based on NIST

Incident Response Checklist

Check if your organization is prepared to respond to security incidents based on NIST.

completed

Start checking items below

0 of 27 items verified

BeginnerBasicIntermediateAdvanced

1. Preparation

0/5 items

Documented and updated response plan.Team defined with clear roles.Emergency channels established.Periodic training and simulations.Active detection tools (SIEM, IDS/IPS, EDR).

2. Detection & Analysis

0/5 items

Continuous log monitoring.Severity classification criteria.IoC documentation.Root cause analysis.Escalation process by severity.

3. Containment

0/4 items

Short-term containment (isolation).Long-term containment (segmentation, blocking).Forensic evidence preservation.Stakeholder communication.

4. Eradication

0/4 items

Malicious artifact removal.Patches on exploited vulnerabilities.Persistence verification on other systems.Firewall and IDS/IPS rule updates.

5. Recovery

0/4 items

Restoration from verified backups.Intensive post-restoration monitoring.Service validation.Return-to-normal communication.

6. Lessons Learned

0/5 items

Lessons learned meeting.Full incident documentation.Response plan update.Security control improvements.IoC sharing with the community.

Tip

Test your response plan at least 2x/year with realistic simulations.