K12 Incident Response Management Plan Template
The [District] Incident Response Management Plan has been developed to provide direction and focus to the handling of information security incidents that adversely affect [District] Information Resources. The purpose of the Incident Response Management Plan is to allow [District] to respond quickly and appropriately to information security incidents.
The [District] Incident Response Management Plan applies to any person or entity charged by the [District] Incident Response Commander with a response to information security-related incidents at the organization, and specifically those incidents that affect [District] Information Resources.
(District/Organization) Information Security activities, recommendations, and decisions must be documented and available to appropriate personnel.
Event Definition
- Any observable occurrence in a system, network, environment, process, workflow, or personnel. Events may or may not be negative in nature.
Adverse Events Definition
- Events with a negative consequence. This plan only applies to adverse events that are computer security-related, not those caused by natural disasters, power failures, etc.
Security Incident Definition
- A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices that jeopardizes the confidentiality, integrity, or availability of information resources or operations.

A security incident may have one or more of the following characteristics:
- Violation of an explicit or implied [District] security policy
- Attempts to gain unauthorized access to a [District] Information Resource
- Denial of service to a [District] Information Resource
- Unauthorized use of [District] Information Resources
- Unauthorized modification of [District] information
- Loss of [District] Confidential or Protected information