Incident responders need to know which questions to ask and how to communicate the answers to a diverse set of stakeholders. A customizable report template gives the response coordinator that structure when the stakes are high.
Preparing for cybersecurity and data privacy incidents involves creating checklists and documented plans so the response team can do their best during the incident. Preparation also includes creating a template that responders can use as the basis for the incident report.
We created such an IR report template while developing cybersecurity and privacy incident response procedures at Axonius. I’m happy to share its public version with the community. Incident responders can use it to strengthen the way they collect, document, and communicate incident-related details.
The template, once customized for your organization, should be used by the incident response coordinator—the person in charge of handling the incident. It helps ask the right questions of the people handling response tasks.
The questions in the template fall into these high-level categories in anticipation of what the report’s readers want to know:
- What happened and when?
- What was the root cause?
- What was and remains to be done?
- What lessons can be learned?
- What are the remaining action items?
The template captures the details behind each question. It incorporates the guidelines I prepared for my Cybersecurity Writing course at SANS Institute.
Elisabetta Tiani added her expertise to allow the template to be used for both cybersecurity and privacy incidents. Daniel Trauner shared his insights to strengthen the template further.
Download the template and make it your own. It’s available as Markdown and Word files.
You can also use my MCP server with your AI agent to generate or improve IR reports using this template and my guidance. It’s designed to offer insights without expecting to receive your sensitive data.
