Phishing
Phishing Response Playbook
Detection, triage, user notification, mailbox quarantine, and IOC extraction steps — aligned to NIST SP 800-61 containment phase guidance.
Malware
Malware & Ransomware Response
Host isolation, forensic imaging, IOC analysis, and recovery steps for malware incidents — including ransomware-specific decisions on payment and restoration.
Access
Unauthorized Access Handling
Detection via SIEM alerts, session termination, credential reset, scope determination, and post-incident privilege review procedures.
Documentation
Templates & Checklists
Reusable IR templates and security checklists for rapid incident documentation — structured for both technical responders and management stakeholders.