Incident Response Plan
A documented set of procedures for detecting, responding to, and recovering from cybersecurity incidents, minimising damage and downtime.
An incident response plan (IRP) is a structured document that outlines how your organisation will detect, contain, eradicate, and recover from a cybersecurity incident — whether it is a data breach, ransomware attack, or system compromise. With Malaysia's PDPA now requiring 72-hour breach notification, having a tested IRP is no longer optional for businesses handling personal data.
Core Steps
- Preparation — define roles, contact lists, and tools before an incident occurs
- Detection — identify the incident through monitoring, alerts, or user reports
- Containment — isolate affected systems to prevent the incident from spreading
- Eradication — remove the root cause (malware, compromised accounts, vulnerabilities)
- Recovery — restore systems and data from clean backups, verify integrity
- Lessons learned — document what happened, what worked, and what to improve
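The six steps above form a timeline that an incident record should enforce and measure: a system cannot be "recovered" before its root cause is eradicated, and the 72-hour notification clock starts at detection. The following Python is an added example, not part of the original page or any product described by it. It models an incident as a small state machine that only permits the lifecycle order above, computes the notification deadline from the detection timestamp using the 72-hour window stated in the text, and reports how long each phase took for the lessons-learned review. The incident identifier, timestamps and notes are constructed sample values, and the `involves_personal_data` flag is an assumed simplification of what actually triggers a notification duty.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, List, Optional, Tuple


# Per-incident lifecycle phases in the order the plan expects them.
# Preparation happens before any incident, so it is not a timeline phase here.
class Phase(Enum):
    DETECTION = 1
    CONTAINMENT = 2
    ERADICATION = 3
    RECOVERY = 4
    LESSONS_LEARNED = 5


# Breach-notification window taken from the text (72 hours from detection).
NOTIFICATION_WINDOW = timedelta(hours=72)


@dataclass
class Incident:
    incident_id: str
    detected_at: datetime                      # timezone-aware detection time
    involves_personal_data: bool               # assumed trigger for the notification duty
    timeline: List[Tuple[Phase, datetime, str]] = field(default_factory=list)
    notified_at: Optional[datetime] = None

    def __post_init__(self) -> None:
        # Every incident record starts in DETECTION at the detection time.
        self.timeline.append((Phase.DETECTION, self.detected_at, "incident detected"))

    @property
    def current_phase(self) -> Phase:
        return self.timeline[-1][0]

    def advance(self, phase: Phase, at: datetime, note: str) -> None:
        """Move to the next phase. Skipping a phase (e.g. RECOVERY before ERADICATION)
        or going backwards raises, so the record cannot claim recovery without eradication."""
        if self.current_phase == Phase.LESSONS_LEARNED:
            raise ValueError("incident is already closed")
        expected = Phase(self.current_phase.value + 1)
        if phase != expected:
            raise ValueError(f"cannot move from {self.current_phase.name} to {phase.name}")
        if at < self.timeline[-1][1]:
            raise ValueError("phase timestamps must not go backwards")
        self.timeline.append((phase, at, note))

    def notification_deadline(self) -> Optional[datetime]:
        """Deadline for the breach notification, or None when no personal data is involved."""
        if not self.involves_personal_data:
            return None
        return self.detected_at + NOTIFICATION_WINDOW

    def notification_status(self, now: datetime) -> str:
        deadline = self.notification_deadline()
        if deadline is None:
            return "not required"
        if self.notified_at is not None:
            return "notified on time" if self.notified_at <= deadline else "notified late"
        return "overdue" if now > deadline else "pending"

    def phase_durations(self) -> Dict[str, timedelta]:
        """Time spent in each completed phase, for the lessons-learned report."""
        durations: Dict[str, timedelta] = {}
        for (phase, start, _), (_, end, _) in zip(self.timeline, self.timeline[1:]):
            durations[phase.name] = end - start
        return durations


def example_incident() -> Incident:
    """Constructed sample timeline (not a real incident) walking all phases in order."""
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    inc = Incident("INC-0001", t0, involves_personal_data=True)
    inc.advance(Phase.CONTAINMENT, t0 + timedelta(hours=2), "isolated affected file server")
    inc.advance(Phase.ERADICATION, t0 + timedelta(hours=10), "removed malware, reset credentials")
    inc.advance(Phase.RECOVERY, t0 + timedelta(hours=30), "restored from verified clean backup")
    inc.notified_at = t0 + timedelta(hours=48)      # notified within the 72-hour window
    inc.advance(Phase.LESSONS_LEARNED, t0 + timedelta(days=5), "post-incident review completed")
    return inc


if __name__ == "__main__":
    inc = example_incident()
    for phase, at, note in inc.timeline:
        print(f"{at.isoformat()}  {phase.name:<16} {note}")
    print("deadline:", inc.notification_deadline())
    print("status:  ", inc.notification_status(datetime.now(timezone.utc)))
    print("durations:", {k: str(v) for k, v in inc.phase_durations().items()})
```

The order check is the part worth copying into a real tracker: an incident that reaches "recovered" without an eradication entry is exactly the gap that lets a compromised account or persistence mechanism survive a restore. Phase durations feed the lessons-learned step with numbers (time to contain, time to eradicate) rather than impressions.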