2026-05-08 18:07:02 -05:00

GreySec Cyber Security Incident Response Plan (CSIRP)

Standardized incident response procedures following NIST SP 800-61.

Structure

  • containment/ - Initial containment procedures and isolation steps
  • eradication/ - Threat removal and vulnerability remediation
  • recovery/ - System restoration and monitoring procedures
  • post-incident/ - Lessons learned and process improvement
  • templates/ - IR forms, checklists, and report templates

Severity Levels

| Level    | Description                               | Response Time |
|----------|-------------------------------------------|---------------|
| Critical | Active breach, data exfiltration          | Immediate     |
| High     | Confirmed malware, unauthorized access    | 1 hour        |
| Medium   | Suspected intrusion, investigation needed | 4 hours       |
| Low      | Policy violation, minor anomaly           | 24 hours      |

Usage

See individual playbook directories for phase-specific procedures.
