Form 172.5A Incident Response Plan for Threats to Information Security


The purpose of this plan is to respond to advanced and/or persistent threats to information security that have resulted, or could result, in an economic loss or other damage to our customers, our business or our reputation. The goal of the plan is to minimize damage to customers and our business through containment of an incident and the restoration of the systems affected.

All staff will receive training on what constitutes a threat to information security and action to take in the event they suspect or learn that an advanced persistent threat has occurred. This document is intended to meet the highest standards and is an active part of our Business Continuity Program.

Form 172.5B Information Security Threat Response Form on page 3, Form 172.5C Sample Customer Notification Letter on page 18, and Form 172.5D Notification Log on page 20 are essential parts of this document and designed to be used in conjunction with this plan.


Responsibilities taken in response to a compromise of information security are included in Form 172.5B Information Security Threat Response Form. The [Insert name and title] is responsible for completing Form 172.5B Information Security Threat Response Form in order to document and guide response activities, and for ensuring that all notifications are recorded in Form 172.5D Notification Log.

2. Incident Response Team

The Incident Response Team is composed of the following individuals:

Team membership may be increased based on circumstances. When a meeting is necessary, the team will meet as soon as possible after an incident is discovered or reported. The team will also meet annually to review the Plan and recommend its approval to the board of directors.

The Incident Response Team is responsible for:

  • conducting security awareness training among employees,
  • seeing that penetration testing is done,
  • serving as liaison with regulators, law enforcement and the media,
  • recommending action to be taken, and
  • reporting to the board of directors and regulators.

3. Types of Incidents

An incident may involve physical security, information security, electronic security, or network security. An evaluation by the team will determine whether a situation qualifies as an “incident” that requires action to be taken.

Examples of physical security incidents include

  • Improper handling of shred bins
  • Theft of computers and/or data storage media
  • Social engineering.

Examples of information security incidents are

  • Violation of a customer’s “opt-out” request
  • Unnecessary viewing of employee accounts by another employee
  • Unnecessary requests for credit reports.

Examples of electronic security incidents include

  • Phishing attacks that target customers
  • Unauthorized access to online and/or telephone account systems
  • Social engineering (via telephone)
  • Unauthorized access to the private branch exchange (PBX) system.

Examples of network security incidents include

  • Unauthorized access to the wide area network (hacking)
  • Social engineering (via email)
  • Unauthorized erasing of system files by an employee

Form 172.5B Information Security Threat Response Form

Date & time incident was first reported:

Name(s) of person(s) reporting incident:

Name of person completing this form:

Email:

Part 1 Alert, Intrusion Identification and Immediate Response

Who first alerted management of the incident?

Insert here

Was the incident reported by a third party? Yes / No

If yes, was there a lapse between external detection (e.g., by a vendor) and internal awareness (notification received from vendor)? Document and explain.

Insert here

How was the incident detected? Who was alerted for immediate response? What methods were used to monitor the incident?

Insert here

Activate all monitoring and audit logs.

Date and time: Action taken:

Insert here

Source of threat: Internal / External

What is the type of incident? See 3. Types of Incidents on page 2.

Physical security / Information security / Electronic security / Network security

Severity Level

Identify the severity level: Negligible / Tangible / Significant / Severe

Use the Business Impact Scale given in the Business Impact Analysis if available.

Explain which business values listed in the Business Impact Analysis are or may be threatened and how:

Insert here

If impact is rated Significant or Severe, elevate the event to a disaster.

Has the event been elevated to a disaster? Yes / No

If yes, complete this part; if no, skip to the next part.

Begin the Response & Recovery Log in the Continuity Management Manual. Continue to complete this form.

Notify and convene the Incident Response Team. The Incident Response Team should meet as soon as possible.

List all staff notified on Form 172.5D Notification Log on page 20.

©2012 Data Control Specialists, Inc.  Plan for Threats to Information Security