# GreySec Cyber Security Incident Response Plan (CSIRP)

Standardized incident response procedures following NIST SP 800-61.

## Structure

- `containment/` - Initial containment procedures and isolation steps
- `eradication/` - Threat removal and vulnerability remediation
- `recovery/` - System restoration and monitoring procedures
- `post-incident/` - Lessons learned and process improvement
- `templates/` - IR forms, checklists, and report templates

## Severity Levels

| Level | Description | Response Time |
|-------|-------------|---------------|
| Critical | Active breach, data exfiltration | Immediate |
| High | Confirmed malware, unauthorized access | 1 hour |
| Medium | Suspected intrusion, investigation needed | 4 hours |
| Low | Policy violation, minor anomaly | 24 hours |

## Usage

See individual playbook directories for phase-specific procedures.