Incident Response Checklist for Executives

How leaders can work with IT teams to help, not hurt, during a security incident

What’s Inside

Ransomware attacks, denial-of-service attacks and data breaches are more than IT problems — when your company gets attacked, you need to know the plan. Your IT department’s Incident Response Plan is only the starting point. How do CEOs, CFOs, COOs and other leaders support the IT team to help, and not hurt, as you get through the first 48 hours together?

This questionnaire is designed to help leaders — especially those outside the IT department — assess their company’s readiness for a cyber incident. It includes a sharable “In Case of Emergency” quick reference page to list key contacts, the location of the Incident Response Plan and other information leaders will need to access quickly.

Key Points

Leaders can use this questionnaire to confirm their plan covers the most important aspects of a cybersecurity incident response, such as:

  1. Who should be contacted immediately?
  2. Who maintains the incident response plan, and where is it kept?
  3. Who is in charge of the response, and what authority do those people have?
  4. Is there a cyber insurance policy? Who is responsible for informing the carrier of an event, and when?
  5. Who will document events, the system state and response actions, and maintain evidence with proper chain of custody?
  6. Who will manage internal and external communications? Is regulatory reporting required?

Why it Matters

Don’t let your first cyber breach be the first time you test your security incident response plan. Use this questionnaire and the “In Case of Emergency” card to make sure that your organization is prepared when (not if) an information breach, denial-of-service attack or ransomware attack occurs.