Incident Readiness Playbook
This playbook outlines the key elements SMBs should consider when preparing for cyber incidents. Use it as a guide for tabletop exercises and actual response planning.
🧭 Phase 1: Preparation
- Designate an incident coordinator
- Maintain an up-to-date contact list (internal and external)
- Create communication templates for internal and public messaging
- Review and store system diagrams and backup locations
🚨 Phase 2: Detection & Analysis
- Centralise log collection and alerting
- Define severity levels and escalation paths
- Capture indicators of compromise (IOCs)
- Initiate isolation of affected systems
🔧 Phase 3: Containment & Eradication
- Revoke compromised credentials
- Apply patches or remove malicious code
- Validate system integrity before reintroducing systems to the network
🔁 Phase 4: Recovery & Review
- Restore from clean backups
- Monitor for reinfection or anomalies
- Conduct post-incident review
- Update documentation and procedures
✅ Incident Response Roles Table
| Role | Responsibility |
| --- | --- |
| Incident Coordinator | Leads response, communicates status |
| Technical Lead | Guides analysis and containment steps |
| Comms Officer | Handles internal/external messaging |
| Backup Coordinator | Manages recovery and validation |