Building an Incident Response Plan
How to build an incident response plan around the NIST incident response life cycle, ready for NIS2 deadlines.
An incident response plan is what stands between a bad day and a reportable disaster. The good news: you do not have to invent one from scratch.
Use the NIST incident response life cycle
The NIST incident response life cycle gives you four repeatable phases:
- Preparation — tooling, roles and playbooks ready before anything happens.
- Detection and analysis — spot the incident and understand its scope.
- Containment, eradication and recovery — stop the bleeding and restore service.
- Post-incident activity — learn and improve.
Match it to the deadlines
Under NIS2, an early warning is due within 24 hours and a notification within 72 hours. Your plan should make those deadlines a built-in step, not an afterthought.
Where this fits
Read the vulnerability management and critical infrastructure protection guides, and compare open-source incident response tooling you can use to run the plan.