OpenClaw LaunchOpenClaw Launch
🚨

Incident Response Plan

Verified

by Community

Develops incident response plans with detection, containment, eradication, and recovery procedures, communication templates, and post-incident review frameworks.

securityincident-responsebreachplanningforensicsrecovery

Incident Response Plan

Create and maintain security incident response procedures for organizations of any size. Covers the full incident lifecycle from detection through recovery and lessons learned.

Usage

Describe your organization size, infrastructure, and current incident handling capabilities. The planner creates a customized response plan with procedures, communication templates, and team assignments.

Parameters

  • Org size: Startup (1-20), SMB (20-200), or Enterprise (200+)
  • Infrastructure: Cloud-only, Hybrid, or On-premises
  • Compliance: SOC 2, HIPAA, PCI DSS, GDPR, or None specific
  • Current state: No plan, Basic plan, or Existing plan needing update

Examples

  1. Startup IRP: Lightweight incident response plan for a 15-person SaaS startup — who does what, communication chains, cloud-specific containment steps, and customer notification templates.
  1. Data Breach Playbook: Specific procedures for a confirmed data breach — evidence preservation, legal notification requirements (72-hour GDPR), customer communication, and regulatory reporting.
  1. Ransomware Response: Step-by-step ransomware incident procedures — network isolation, backup verification, negotiation considerations, decryption options, and recovery prioritization.
  1. Cloud Compromise: AWS account compromise response — IAM key rotation, CloudTrail analysis, resource inventory, and service-by-service containment procedures.

Guidelines

  • Plans follow NIST SP 800-61 framework: Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned
  • Roles and responsibilities are clearly assigned with primary and backup contacts
  • Severity classification system helps triage incidents appropriately (P1-P4)
  • Communication templates are pre-written for internal, customer, media, and regulatory notifications
  • Evidence preservation procedures maintain forensic integrity for potential legal proceedings
  • Containment strategies balance security with business continuity needs
  • Recovery procedures include validation testing before returning to production
  • Post-incident reviews (PIR) follow a blameless format with specific improvement actions
  • Plans are tested through tabletop exercises at least quarterly
  • Legal counsel involvement is specified for incidents involving customer data

More Security Skills

shield
1Claw

HSM-backed vault for agent secrets; store, rotate, share securely.

shield
1Password

Set up and use 1Password CLI (op).

shield
Auditing Appstore Readiness

Audit an iOS app repo.

shield
Authensor Gateway

Fail-safe policy gate for OpenClaw marketplace skills.