Incident Response Plan

If you’re sitting in the middle of a cyber attack calm and cool as a cucumber, it’s because YOU have an Incident Response Plan (IRP). You know what to do, where to be, and as soon as you get everyone’s attention, you’ll be able to bring order to the chaos.


Download this Cyber Incident Response Plan Cheat Sheet PDF to share with your team.

Incident Response Plan 101




Watch our free cyber security awareness video that covers the timeline for your Cyber Incident Response Plan -  Before the Incident, During the Incident, and After the Incident.





1. Definitions Matter

Make sure your team understands the difference between an Event and a Crisis; Incident and Breach; and Ticket and Case.

2. What Is Your Name?

Don't make introductions during a crisis. Ensure everyone involved in the IRP knows each other before an incident occurs.

3. Where Is Joe?

Ensure the people who are activating the IRP are on stand-by. 

4. Practice Makes Perfect

PRACTICE, PRACTICE, PRACTICE! It doesn't do anyone any good to build a plan, place it on the shelf and not use it until you need it. PRO TIP: when you do a simulation, send a few people to get coffee and check if the rest of the team can figure out what to do. 

5. Who Has A Hard Copy?

Everyone who is involved in the IRP should have a hard-copy wherever they are.




1. Always Communicate

Make sure to control the message. You don't want someone to tweet about it.

2. The Next Update Is In...

Keep regular cadence with those who need to know updates at a specific time. This will not only limit the amount of people knocking on your door every 5 minutes asking for updates. 

3. Can I Talk To The Manager?

If there is a vacuum in leadership, people will run everywhere. Establish a chain of command and clarify what people are not supposed to do.




1. Reflect On What Happened

Take the time to think about how the incident occurred, what you can do to prevent another one, how your team responded to the incident, and the overall effectiveness of your IRP.

2. Invest Time In A Review 

Devote the same amount of time AFTER the incident as you did DURING the incident.

3. Provide Feedback

Be sure to acknowledge those team members who did well and provide additional training to those you didn't.



More Security Awareness Training Downloadable PDFs

Security Policies

Security Policies How To Do It RightDownload PDF

What Is Zero Trust?

What Is Zero TrustDownload PDF


Hear from the Experts

In this Wizer "Back to the Basics" Webinar in partnership with SideChannel, learn everything you need to know about Incident Response Plan and how to build an effective one from this powerhouse panel of cyber security experts. 



Why Security Awareness is Key

It's not secret that many of the incident start with a social engineering attack like phishing or spear phishing. So beyond training the IR team, it's wise to ensure employees are also training on how to avoid becoming a target. This is usually done through security awareness training and phishing simulation. Wizer Security Awareness Training offers both. We mastered the power of short stories to make security awareness training relatable and memorable. And best of all, you can start free and upgrade later.