⚡ Quick Summary
This Cyber Incident Response Plan Template by the Centre for Cybersecurity Belgium offers a robust, actionable structure for organizations to develop or refine their cyber incident response strategies. Tailored for flexibility, the template guides users through the entire lifecycle of incident response—from detection to lessons learned. It references best-in-class standards (e.g., ISO/IEC 27035, NIST SP 800-61) and helps organizations prepare for and comply with evolving regulatory requirements, including NIS2. The inclusion of real-world examples, standard operating procedures, and playbooks (e.g., for phishing, ransomware) ensures the document is not just theoretical but highly practical.
🧩 What’s Covered
The 19-page document is structured as both a teaching guide and a ready-to-adapt policy template. It includes:
- Governance Structures: Sections on document control, versioning, and authority review allow organizations to establish formal ownership and version tracking of their CIRP.
- Core Objectives: Establishes goals such as compliance, continuity, accountability, and communication during incidents.
- Framework Alignment: Based on international standards like ISO/IEC 27001/27035, NIST SP 800-61, and Belgium’s own CyberFundamentals framework.
- Incident Lifecycle: A visual incident response process flow on page 5 summarizes the five key stages: Prepare, Detect & Analyze, Contain & Remediate, Recover, and Learn.
- Terminology & Classifications: Definitions are standardized using ISO/IEC and NIS2-aligned terms such as cyber threat, near-incident, alert, and event.
- Common Threats & Incidents: Includes guidance on phishing, ransomware, DDoS, ICS compromise, and more, with suggested initial response steps.
- Roles & Teams: Details on building the Cyber Incident Response Team (CIRT) and Management Team (MT), with example contact tables.
- Communications Protocols: Covers internal and external comms with stakeholders, media, regulators, and employees, including key messaging guidance.
- NIS2 Reporting Requirements: Outlines the 24h, 72h, and 30-day reporting rules under Belgian NIS2 law, including the information required by CERT.be.
- Templates & Tools: Provides formats for incident classification, investigation, evidence logging, containment, and recovery planning.
- Continuous Improvement: The final sections emphasize the importance of lessons-learned meetings and periodic testing of the CIRP.
💡 Why it matters
This template offers a vital bridge between regulatory compliance and operational readiness. With NIS2 enforcement ramping up across the EU, entities designated as essential or important must now meet strict reporting and preparedness standards. This guide not only demystifies those obligations but also equips organizations with concrete tools—from response playbooks to evidence logs—to act swiftly and defensibly during crises. Its structure supports a proactive security posture, turning lessons learned into process improvements, while fostering cross-team clarity and regulatory alignment.
❓ What’s Missing
- Sector-specific scenarios (e.g., healthcare, finance, utilities) would improve relevance for high-risk industries.
- No detailed metrics or KPIs for evaluating CIRP performance over time.
- Lacks guidance on integrating third-party/vendor risk into incident response.
- No sample timelines or escalation matrices based on severity—only placeholders.
- Needs more automation and SIEM tool references to reflect modern SOC workflows.
👥 Best For
- Mid to large organizations building their first incident response plan.
- CISOs, DPOs, and CIOs seeking NIS2 compliance guidance.
- IT and security teams needing ready-to-use playbooks for common threats.
- Public sector and critical infrastructure operators in the EU.
📄 Source Details
Title: Cyber Incident Response Plan Template
Author: Centre for Cybersecurity Belgium
Published: Not dated, but aligned with NIS2 implementation timelines
Source: https://ccb.belgium.be/en
Standards Referenced: NIS2, ISO/IEC 27001/27035, NIST SP 800-61
📝 Thanks to
Centre for Cybersecurity Belgium for providing this clear and adaptable roadmap toward cyber resilience.