Incident Response Runbooks

Incident Response (IR) Runbooks are in-depth guides about how to prepare for and respond to a cyberattack. Runbook information supplements response actions and does not replace your IR team.

IR Runbooks contain information about:
  • Phases of a cyberattack
  • Which teams should be involved at different stages of the attack
  • Preventative actions
  • Containment
  • Restoration
  • Analysis of the attack

These types of runbooks are available:
  • General — A high-level runbook that prepares you for a variety of cybersecurity incidents. We recommend that you read the general runbook and document all findings, gaps, and communication weaknesses with your response team.
  • Ransomware — A runbook for an attack where malware encrypts your information to lock you out. These attacks are financially motivated, with the intent of making you pay a ransom to retrieve your information.
  • Business email compromise (BEC) — A runbook for when an attacker compromises your email accounts to steal data, commit wire fraud, and spread malware.
  • Surge — A runbook for a large-scale attack that affects multiple customers. Large-scale attacks can cause IR to be less available than usual. Your response needs to take that into consideration.
  • MSP — A runbook for Managed Service Providers (MSPs) to understand how they and their MSP customer organizations need to be involved during an incident.
    Note: This runbook is only available for MSPs.