Without a fully documented cyber incident response (IR) plan in place, navigating the steps of managing an incident becomes chaotic, ineffective and causes damage that could otherwise be avoided with an IR plan in place. The exercise of actively preparing for a cyber attack is to make sure an ECC is able to continue critical operations in the event of a compromise. We know that every organization and every sector is a potential cyber target. No network structure is 100% secure. Having a documented plan in place allows you to manage the incident response cycle through every step of stopping the attack all the way to recovery and learning from that attack as well to strengthen your cyber resiliency.

Objective: To help law enforcement leadership put together a professional and clear cyber incident response plan that allows their entire organization/agency to respond quickly in the event of an incident and effectively mitigate damage and further escalation of a cyber attack.

1. Learn why a Cyber Incident Response Plan (CIRP) is a necessity.
2. Learn who should be part of your IR team.
3. Learn how to build your Incident Response Plan template following NIST and TFOPA best practices.
4. Learn how to test and put your IR plan into action.