10 Steps to Cyber Incident Response Playbooks
Description
On this episode of CISO Tradecraft, you can learn the 10 steps to Incident Response Planning:

1. Establish a Cyber Incident Response Team
2. Develop a 24/7 Contact List for Response Personnel
3. Compile Key Documentation of Business-Critical Networks and Systems
4. Identify Response Partners and Establish Mutual Assistance Agreements
5. Develop Technical Response Procedures for Incident Handling that your team can follow:
   - External Media - An alert identifies that someone plugged in a removable USB or external device.
   - Attrition - An alert identifies brute force techniques to compromise systems, networks, or applications. (Example: attackers trying thousands of passwords on login pages.)
   - Web - A Web Application Firewall alert shows attacks carried out against your website or web-based application.
   - Email - A user reports phishing attacks with a malicious link or attachment.
   - Impersonation - An attack that inserts malicious processes into something benign. (Example: a rogue access point found on company property.)
   - Improper Usage - An attack stemming from a user's violation of the IT policies. (Example: an employee installs file sharing software on a company laptop.)
   - Physical Loss - Loss or theft of a physical device. (Example: an employee loses their luggage containing a company laptop.)
6. Classify the Severity of the Cyber Incident
7. Develop Strategic Communication Procedures
8. Develop Legal Response Procedures
9. Obtain CEO or Senior Executive Buy-In and Sign-off
10. Exercise the Plan, Train Staff, and Update the Plan Regularly

To learn more about Incident Response Planning, CISO Tradecraft recommends reading this helpful document from the American Public Power Association.

If you would like to automate security reviews of infrastructure-as-code, then please check out Indeni CloudRail.