CYBERSECURITY INCIDENT CASE MANAGEMENT CHECKLIST TEMPLATE
Created by ChecklistGuro (https://checklistguro.com)

--- DETECTION & REPORTING ---
[ ] Date of Detection
[ ] Time of Detection
[ ] Detection Method (SIEM Alert, User Report, Endpoint Detection, Network Intrusion Detection, Other)
[ ] Initial Description of Incident
[ ] Severity Score (if applicable)
[ ] Reported By (User, Automated System, 3rd Party)

--- CONTAINMENT ---
[ ] Affected System(s) Tier (Tier 1 (Critical), Tier 2 (Important), Tier 3 (Minor))
[ ] Systems Isolated (Web Servers, Database Servers, Email Servers, Workstations, Network Devices)
[ ] Number of Systems Isolated
[ ] Isolation Start Date
[ ] Isolation Start Time
[ ] Containment Actions Description
[ ] Isolation Zone Location

--- ERADICATION ---
[ ] Root Cause Analysis Summary
[ ] Vulnerability Exploited (if applicable) (Malware, Phishing, SQL Injection, Zero-Day Exploit, Misconfiguration, Unknown)
[ ] Number of Affected Systems
[ ] Malware Sample (if applicable)
[ ] Remediation Steps Taken
[ ] Patch Status (for Affected Systems) (Patched, Not Patched, Pending Patch)

--- RECOVERY ---
[ ] System Restoration Start Date
[ ] System Restoration Start Time
[ ] Percentage of Systems Recovered
[ ] Detailed Description of Recovery Actions Taken
[ ] Data Integrity Verification Method (Automated Scripts, Manual Verification, Third-Party Tool)
[ ] Data Verification Completion Date
[ ] Description of any Data Loss or Corruption

--- POST-INCIDENT ACTIVITY ---
[ ] Summary of Incident Root Cause
[ ] Detailed Timeline of Events
[ ] Affected Systems/Assets (Server A, Database B, Endpoint C, Network Segment D)
[ ] Estimated Financial Impact ($)
[ ] Date of Post-Incident Review
[ ] Recommendations for Improvement
[ ] Incident Severity Level (Reassessed) (Low, Medium, High, Critical)

--- LEGAL & COMPLIANCE ---
[ ] Applicable Data Breach Laws? (GDPR, CCPA, HIPAA, State Data Breach Laws, Other (Specify in Long Text))
[ ] Specific Legal/Regulatory Requirements?
[ ] Date of Legal Consultation?
[ ] Estimated Number of Affected Individuals
[ ] Notification Requirements? (Attorney General, Affected Individuals, Credit Reporting Agencies, Media)
[ ] Summary of Legal Review and Advice
[ ] Legal Consultation Documentation

--- COMMUNICATION ---
[ ] Communication Method (Email, Phone, SMS, Instant Messaging)
[ ] Initial Communication Draft
[ ] Stakeholders to Notify (Legal Team, PR Department, Executive Management, Affected Users)
[ ] Date of First Communication
[ ] Time of First Communication
[ ] Contact Person Details (Recipient)

--- EVIDENCE PRESERVATION ---
[ ] Date and Time of Evidence Collection
[ ] Exact Time of Evidence Collection
[ ] Location of Evidence Found
[ ] Detailed Description of Evidence
[ ] Photos/Screenshots of Evidence
[ ] Signature of Evidence Collector
[ ] Chain of Custody Record Number

--- END OF TEMPLATE ---