Incident response and recovery
Incident management guidance
Enacting a disaster recovery plan
Containment, mitigation and impact minimisation
NCSC Board Toolkit – NCSC link
Assessing incident severity and damage
Action log template and guidance
NCSC reporting guidance (Police / ICO) – NCSC link and additional links
Restoration processes
- Replacing hardware and getting prompt approvals
- Patching / reinstalling software
- Cleaning infected machines
- Changing compromised user credentials
- Using specialist recovery services
Post incident evaluation template