Cyber incident response executive checklist

Having a clear response strategy and incident plan which helps get your business back on track with minimal disruption will lessen the effectiveness of the attack. It may also help you avoid a situation where your organisation is forced to recover data or system access from an untrustworthy cyber-criminal.

This checklist has been developed as a tool to help your organisation refine your own incident response plan, so should the worst happen, you have a good frame of reference and understanding of what factors should be covered. 

The checklist includes the following key areas of response: 

• governance
• legal
• external communications
• internal communications
• customer and regulator notification
• notification of third parties/ suppliers
• human resources
• finance.

The Privacy Commissioner also provides an excellent privacy breach self-assessment tool if you are unsure whether you need to report a cyber-incident.