Cyber Incident Response Pack

We'll help you be ready before the incident, not during it

The worst time to design your response is while you are losing data. This pack gives you the playbooks, evidence-collection scripts, and decision tools to run an incident end to end, plus the templates to brief executives, regulators, and insurers while it is happening.

$299 · One-time purchase · Every future update included
Free sample · real documents · no email required
Instant download · Editable Word, Excel & PowerPoint · Single-organization license
NIST CSF · ISO 27035 · Cyber Insurance Ready
Playbooks for ransomware, BEC, and the common incident types
Windows and Linux evidence-collection scripts
Executive, regulator, and insurer communication templates

In an incident you do not rise to the occasion. You fall to the level of your preparation.

The first hour decides how the next week goes: who is in charge, what gets isolated, what evidence is captured before it is lost, who has to be told and by when. Teams that have never written this down lose that hour improvising. The cost is not just downtime. It is evidence destroyed by a well-meant reboot, a notification deadline missed, an insurer claim weakened.

This pack is that preparation, ready to run. Policy and governance, the playbooks to follow under pressure, the scripts to capture evidence correctly, and the templates to brief executives, regulators, and insurers, so an incident is something you work through rather than something that works through you.

What you can actually do with it

The pack maps to the phases of a real incident, with the documents and tools each phase needs.

1. Stand the program up
An Incident Response Policy, a Program Governance RACI, a Readiness Scorecard, and a Cyber Insurance Readiness Guide, so roles and cover are settled before anything happens.
2. Classify and decide
An Incident Classification Tracking Engine to set severity consistently, and a Regulatory Notification Quick Reference so the clock on reporting is never a guess.
3. Run the response
An Incident Command Workbook, role-specific checklists, a full response procedure, and communications and executive briefing packs to keep the room coordinated.
4. Capture evidence correctly
A chain-of-custody process plus ready-to-run collection scripts for Windows and Linux, covered in detail below.
5. Recover and learn
A Post-Incident Review template and a Program Performance Dashboard to turn each incident into a measured improvement.

Playbooks for the incidents you will actually face

Generic advice does not help at 2am. These are step-by-step playbooks for specific situations, plus a generator to build your own.

Core and extended playbooks
The common incident types worked end to end, from first signal to closure.
Ransomware readiness
A dedicated guide for the scenario most likely to put you out of business, including the decisions you do not want to make for the first time live.
Cloud security playbook
Response adapted to cloud and SaaS, where the evidence and the controls live somewhere other than your servers.
Decision trees and generator
Decision trees for fast triage, and a Dynamic Playbook Generator to produce a tailored playbook for your environment.

Evidence collection that holds up

Most IR template packs stop at documents. This one ships working collection scripts, so volatile evidence is captured correctly under pressure instead of lost to a reboot.

Windows · PowerShell

Scripts to capture volatile evidence, system configuration, and logs, with a single triage runner to collect everything at once.

Linux · Bash

Matching collectors for volatile evidence, configuration, and logs, with a run-all script for fast, consistent triage.

Chain of custody

An evidence preservation and chain-of-custody process so what you collect stands up later, including with an insurer or in court.

What this looks like in practice

Ransomware hits on a Friday night

You open the ransomware guide, run the triage collectors before anything is rebuilt, and brief leadership from a prepared template instead of from panic.

Personal data may have been exposed

The classification engine sets the severity and the notification reference tells you the reporting clock, so a regulatory deadline is met, not missed.

You want to test the plan before you need it

The test exercise guide runs a tabletop against your own playbooks, and the readiness scorecard shows where you are still exposed.

Have the plan, the playbooks, and the tools ready before the call comes.

Editable Word and Excel, runnable Windows and Linux scripts · Buy once, and we send you every future update

Who it's for

Organizations that have realized they could not actually run an incident today, IT and security leads who need a defensible capability without building it from scratch, and consultants standing up incident response for clients. The pack also covers what insurers and regulators expect to see, so the work you do here pays off in cover and in compliance, not only in the response itself.

See inside

Real pages from the documents

A free sample from the Cyber Incident Response Pack. No email required: open it and judge the quality for yourself.

Open the full sample

What is inside

Every document in the pack

19 documents, mapped to ten frameworks including NIST SP 800-61 Rev. 3, ISO 27001:2022, and NIST CSF 2.0. Buy once, and every future update is included.

Start Here · 2 documents
IR-QSG-001 · Quick Start Guide · Word
IR-MAP-001 · Framework Cross-Mapping Reference · Word
Foundation · 3 documents
IR-POL-001 · Incident Response Policy · Word
IR-PROCESS-001 · Incident Response Process · Word
IR-PROC-001 · Incident Response Procedure · Word
Governance and Risk · 3 documents
IR-GOV-001 · Program Governance RACI · Word
IR-LEGAL-001 · Legal Hold and Privilege Pack · Word
IR-INS-001 · Cyber Insurance Readiness Guide · Word
Response Operations · 4 documents
IR-COMMS-001 · Incident Communications Pack · Word
IR-EXEC-001 · Executive Briefing Pack · Word
IR-PIR-001 · Post-Incident Review Template · Word
IR-TRAIN-001 · Training Curriculum Delivery Pack · Word
Forms and Templates · 1 document
IR-FORMS-001 · Forms and Templates · Word
Workbooks · 5 documents
IR-CLASS-001 · Incident Classification and Tracking Engine · Excel
IR-CMD-001 · Incident Command Workbook · Excel
IR-METRICS-001 · Program Performance Dashboard · Excel
IR-READY-001 · Program Readiness Scorecard · Excel
IR-TRAIN-001 · Training Tracker · Excel
Response App · 1 document
Cyber Incident Response App (interactive, runs in the browser) · App

Want to see the quality behind the titles? Preview a sample document →

Document Customization

Need this customized to your organization?

Complete an intake form. We customize every document: industry context, regulatory mapping, calibrated parameters. Delivered in 7-10 business days.

Need the skills to operate the program? Our training platform builds the capability. Explore courses →

Ready to strengthen your security program?

Get started with professional, audit-ready documentation today.
