Incident Response Plans

Updated Feb 27, 2024

Prepare your incident response plan

As an Incident Response (IR) JumpStart® customer, you can build your IR plan within the Cyber JumpStart Portal. If you experience a major cybersecurity incident, IR plans can help you quickly access IR experts who can assist with identifying and containing cyberattacks, and restoring the organization to pre-incident operations.

Note: If you are an existing Arctic Wolf® Managed Detection and Response (MDR) customer and want to know if you are eligible to opt in to the IR JumpStart Retainer, contact your Concierge Security® Team (CST) at security@arcticwolf.com.

IR plans contain several sections that you can add information to. We recommend filling out all sections to make sure that the IR team can move faster and be more thorough in the event of an incident. However, you do not need to fill in every section. For a list of the most crucial components and fields, see IR plan components.

Steps

  1. Build an IR plan in the Cyber JumpStart Portal.
  2. Review the IR plan.

Step 1: Build an IR plan in the Cyber JumpStart Portal

  1. Sign in to the Arctic Wolf Unified Portal.
  2. Click App Launcher > Cyber JumpStart.
  3. On the JumpStart IR Planner tile, click Open.
  4. In the Response Team section, add the information for each applicable component:
    1. In the appropriate section, click Add info.
    2. Enter the contact information.
    3. Click Save.
  5. In the External Providers section, add the information for each applicable component:
    1. In the appropriate section, click Add info.
    2. Enter the provider information.
    3. Click Save.
  6. In the Locations and Networks section, add the information for each applicable component:
    1. In the appropriate section, click Add info.
    2. Enter the location or network information.
    3. Click Save.
  7. In the Incident Escalation section, add the information for each applicable component:
    1. In the appropriate section, click Add info.
    2. For each question, enter a response.
    3. Click Save.
  8. On the Critical Business Functions tab, for each business function that is high priority in the restoration process after a security event, complete these steps:
    1. Click Add New Critical Business Function.
    2. Enter details about the business function.
    3. Click Add New System for each supporting system for that function.
    4. Enter details about the system.
    5. For the system information, click Save.
    6. For the business function, click Save.
  9. On the Critical Business Functions tab, click Finish.

Step 2: Review the IR plan

The review process is different depending on if you have an assigned CST.

Note: Only subscribers to an Arctic Wolf service can request an IR plan review session. Users in the broker program cannot request an IR review session.

Based on your situation, do one of these actions:

Request an IR plan review from a CST

Schedule an IR plan review session

If you do not have an assigned CST, you receive an email that includes a URL to schedule the session with an IR director.

Note: Only schedule the IR plan review session if your IR plan is complete, or completed to the best of your ability.

  1. On the Scheduling page, select a date and time.

  2. Click Confirm.

  3. Enter your name, email, organization, and any preliminary questions or topics that you want to cover during the session.

  4. Click Add Guests to add other attendees.

  5. Click Schedule Event.

    You receive a confirmation email and calendar invitation for the selected date and time.

  6. At the scheduled time, click the Zoom meeting URL in the calendar invitation.