Oct 11 2022

Checklist: How to Create Your University’s Incident Response Playbook

Follow these steps to ensure your plan is ready for action.

Cybercriminals are becoming more advanced, and their attacks are increasing in complexity and severity. According to VMware’s “Global Incident Response Threat Report,” more bad actors are moving around within systems once inside them, and targeted victims experience destructive attacks more than 50 percent of the time. VMware notes that it is more important now than ever for organizations to practice cyber vigilance and put incident response plans in place to guard against these sophisticated attacks.

In higher education, an industry increasingly plagued by cyberattacks, having an up-to-date incident response playbook is vital. Not only do comprehensive plans help universities quickly respond to and recover from security breaches, they also are important for obtaining cyber insurance.

Here are the steps higher education institutions should take to develop and maintain an effective incident response playbook.

Make Sure You Have a Clearly Defined Incident Response Policy

An incident response policy defines key terms, establishes time frames and priorities for responding to incidents, and explains all roles and responsibilities. The policy will help inform your incident response plan.

Provide Training for Everyone Involved in the Incident Response Plan

Internal and outsourced incident responders are important players, but don’t overlook security operations center personnel, IT support staff and end users when developing your playbook. Training for all parties on software, incident identification and reporting is critical.

Develop Incident Response Processes

In addition to security-related processes, be sure to define processes for communication, reporting, sharing information and coordinating with law enforcement. Set aside adequate funding for development and maintenance of these procedures.

Include Relevant Technologies in Your Budget Planning

Technologies might include continuous monitoring, centralized logging and log analysis, network security controls, vulnerability management systems, anti-malware and anti-phishing tools, and ticketing systems.

Regularly Review and Update Your Incident Response Playbook

Plans should be reviewed at least once a year and revisited when the university’s incident response policy changes.

Conduct Regular Training and Tabletop Exercises

Exercises and tests ensure all appropriate parties know their roles in carrying out the incident response plan. They also can be valuable for identifying shortcomings in the plan itself.


Nuria Seguí/Stocksy
