Using the CISA Incident Response Playbook at your Organization

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Using the CISA Incident Response Playbook at your Organization (IR211) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.

Produced in accordance with Executive Order 14028, “Improving the Nation’s Cybersecurity,” CISA released the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks that provide federal civilian agencies with a standard set of procedures to respond to vulnerabilities and incidents impacting Federal Civilian Executive Branch (FCEB) networks. This course introduces students to the Incident Response Playbook that describes the process FCEB agencies should follow for confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out. The course will include a tabletop discussion format that follows a simulated IR event/scenario and guides students through the CISA IR checklist and IR phases. While the playbooks are intended for federal agencies, CISA encourages public and private sector partners to review them to help inform their own incident response practices.