counteractive/incident-response-strategy-template: A concise, directive, certain, adaptable, and free incident response program template


This template was designed by the staff at Counteractive Protection, to help all corporations get a excellent begin on a concise, directive, unique, flexible, and free of charge incident reaction prepare. Construct a program you will in fact use to respond properly, decrease charge and effect, and get back again to business as shortly as probable.

Obtain the most up-to-date launch here, a remember to develop an situation or post a pull request with any responses, ideas, or updates.


💡 If you like to work in Microsoft Term (.docx structure), be sure to obtain the instance phrase edition and personalize specifically making use of the directions below.

For individuals doing work in other formats like markdown, html, or pdf, remember to examine on.

Down load or fork this template

The layout is as follows:

  • the core of the approach, steps taken during an incident response.
  • playbooks/: a folder made up of playbooks with investigation, remediation, and interaction strategies for precise incidents. Make playbooks for any incidents that are really probably or hugely harming for your firm. playbooks/ consists of the playbook portion header material, and each individual playbook need to adhere to the conference playbooks/playbook-[THREAT].md.
  • roles/: a folder containing descriptions of just about every purpose in the system, together with responsibilities and training notes. has the roles area header articles, and each position should really stick to the conference playbooks/function-[ORDER]-[NAME].md.
  • the manual to following-motion evaluate (a.k.a., hotwash, debrief, or publish-mortem)—steps taken right after an incident response.
  • a footer containing info about the system/template as a full.
  • information.yml: a file that contains values for the template strings through the plan (see beneath)

Fill details.yml with your organization’s facts

The template documents have a lot of placeholders that Glimpse_LIKE_THIS. The reason of just about every placeholder must be discernable from context, and the default data.yml file is commented for added clarity. This is the mustache template syntax, and has large assistance in a variety of equipment and languages.

The least difficult way to switch these variables is to customise the details.yml file with your organization’s facts and use the presented Makefile (as of v1..) to routinely come across and swap all the pertinent strings. Notice: this calls for make (normally), mustache, and pandoc to be set up and readily available in the user’s $Path. Note: pdf output wants pdflatex (see this gist for recommendations on Ubuntu/Debian), and you can expect to have to have git if you want to clone the repository somewhat than obtain the zipped source.

If you don’t have the data or instruments referenced in the template variables, that’s definitely truly worth correcting. Specially the important facts list (knowledge you want to guard) and vital asset listing (units you want to protect).

Make the template

In your linux, mac, or WSL terminal:

# put in main dependencies, if not by now present
sudo apt-get put in make ruby-mustache pandoc

# for pdf format (big)
sudo apt-get set up texlive-latex-foundation texlive-fonts-recommended texlive-fonts-extra texlive-latex-additional

# improve to the directory of the cloned repository
cd /path/to/incident-reaction-prepare-template

# build the template

This merges the template parts, combines them with your tailor made facts from facts.yml, and outputs all supported formats in the general public/ directory. Which is it!

If you have a unique scenario and want a lot more facts, examine on!

Further more customise the system

  1. Fill in any remaining template variables (the strings that Seem_LIKE_THIS).
  2. Critique all the TODO prompts for likely regions to customize, if sought after. Delete them if no alterations are demanded.
  3. Insert any roles or playbooks pertinent to your group. These can also be additional more than time.
  4. Customize everything else! Regardless of what you really feel is most helpful for your business.
  5. Optional: Customise formatting right or utilizing pandoc’s possibilities. The default Makefile employs the default pandoc variations, and they are not for anyone.

Deploy and use the strategy

The makefile utilizes pandoc to produce a variety of formats, or you can use the markdown information with mkdocs, hugo, or numerous other platforms.


Illustrations in every single structure are accessible in the illustrations listing. The markdown edition is a fantastic location to begin, rendered from markdown to html routinely by github.

Call Us

For qualified support with incident reaction, or with customizing, implementing, or screening your system, you should get in touch with us at get in touch [email protected] or (888) 925-5765.


This template is supplied under the Apache License, model 2.. See the LICENSE and Observe files for additional facts.

References and Supplemental Studying


See problems listing.


See releases webpage.