Incident Response Plan

Detects incident response plans containing containment procedures and escalation matrices.

Type

keyword_list

Confidence

medium

Confidence justification

Medium confidence: keyword-based detection requires corroborative evidence for accurate identification.

Jurisdictions

au

Regulations

SOCI Act 2018 (Cth), TIA Act 1979 (Cth)

Frameworks

CIS Controls, DISP, ISO 27001, NIST CSF, SOC 2

Data categories

security, technology

Scope

narrow

Risk rating

8

Should match

• Incident response plan: containment and eradication procedures by incident commander — Test match 1
• IRP with incident classification, severity level, and incident timeline — Test match 2
• Post-incident review: lessons learned and recovery procedure documentation — Test match 3

Should not match

• Incident report for workplace injury — Non-match 1
• Traffic incident on the highway — Non-match 2

Known false positives

• Generic incident references in non-cyber contexts. Mitigation: Require cyber-specific terms like IRP, containment, or incident commander.