Cyber Management Alliance has a free cyber incident response plan template on its website, www.cm-alliance.com. The template is based on the guide created by NIST and has six components:
- Prepare: Align policies on personal information, data protection and network security with your technology infrastructure. Identify critical assets.
- Identify: Know when you've suffered a breach. Establish who discovered it, its extent, whether operations are affected and the possible source. Document everything.
- Contain: Mitigate the damage. Determine which systems have to be taken offline, whether anything can be deleted, and the short- and long-term strategy.
- Eradicate: Patch vulnerabilities, remove malware and update software. Wipe all malicious content without deleting needed data.
- Recover: Get back online once the system has been repaired.
- Lessons learned: Review the incident so it will not be repeated.
Since "everyone can and will be breached," it is important to have a plan in place in advance.