A playbook is a detailed cyber incident response plan, which should focus on specific incident types such as phishing emails; ransomware; and website distributed denial of service attack, etc. Based on the top 3-5 high-risk incidents to an organisation, a playbook should specify who to contact, how to triage an incident; provide guidance on reducing impact; and steps on retaining evidence or data if required.
Start by identifying the top 3-5 most likely and high-risk incident types to your organisation. For example, if you are reliant on your website for customer orders and payments, a distributed denial of service attack could take your website offline for a number of hours potentially impacting customer sales orders.
Clarify who the key cyber incident response contacts are including; technical teams; external suppliers; senior management; legal, HR, and communications, etc. Ensure roles and responsibilities are documented and understood. Ensure your technology teams are clear on how to triage the incident. Clearly identify which individuals have the authority to take critical response actions. Document how to contact team members 24/7, designate an alternate for key roles, and outline a rhythm for how and when the team will convene and deliver updates.
Document where network, applications and systems diagrams, logs, and inventories are kept and maintained. Document access credentials and procedures for removing access or providing temporary access to key members of the incident response team.
Document response procedures for investigation and documentation, incident containment actions for various types of attacks, and procedures for cleaning and restoring systems. Procedures should be carefully followed to prevent the expansion of an event, mitigate its effects, and resolve the incident. Preservation of evidence and recording of actions taken may require engagement with Legal and law enforcement if there is a decision to undertake legal proceedings.
Identify what information to communicate to key stakeholders and when, and what type of cyber incidents warrant internal communication with employees and public communication with customers, regulators, insurance providers and the media. Develop key messages and incident notification templates in advance.
Treat your incident response plan like your fire drills, run scenarios to test that the plan, roles and key players in the organisation are clear on the steps to take in the event of a cyber-attack.
Got a question? Just get in touch
We have insights into developments that affect your business. We can provide you with unique perspectives and thoughtful solutions so you can meet new challenges and seize opportunities.
The European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) have issued a discussion paper examining the potential review of the Investment Firms Regulation (IFR) and Investment Firms Directive (IFD), which sets capital and risk management requirements for investment firms in the European Union.
After several years in development, the newly crafted AI Act has entered into force following its publication in the Official Journal of the European Union. Designed to regulate artificial intelligence (AI), it aims to create better conditions for its innovation and application. The act is part of the EU Digital Regulation package, which includes other significant regulations such as the General Data...
Given the publication of the AI Act in the Official Journal of the European Union, the clock is now running to deliver compliance on a stepped basis until full implementation of the AI Act in August 2026.
Tailored solutions for assurance and value creation in a changing world
Forvis Mazars supports you in achieving and maintaining data protection & privacy compliance.
Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisations culture, Forvis Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.