Cyber Incident Response – Readiness Checklist

PREPARATION 准备

1 制定全面的网络安全应急准备计划

Your organisation has a cyber security policy or strategy that outlines your organisation’s approach to prevention, preparedness, detection, response, recovery, review and improvement.

贵组织制定了网络安全政策或战略，概述了贵组织在预防、准备、检测、响应、恢复、审查和改进方面的方法。

• For example, does your organisation have a position on, for example, paying ransom, reporting incidents to government, publicly acknowledging cyber incidents, sharing information about incidents with trusted industry and government partners?

例如，贵组织在支付赎金、向政府报告事件、公开承认网络事件、与可信赖的行业和政府合作伙伴共享事件信息等方面是否有自己的立场？

2 完善网络事件响应计划

A Cyber Incident Response Plan has been developed, which:

• Aligns with your organisation’s operating environment and other processes, including emergency management and business continuity processes.

• Has been reviewed or tested in an exercise to ensure it remains current and responsible personnel are aware of their roles, responsibilities and processes.

• Templates have been prepared, for example Situation Reports.

已制定网络事件响应计划，该计划将

• 符合贵组织的运营环境和其他流程，包括应急管理和业务连续性流程。

• 已在演习中进行审查或测试，以确保其保持最新，并确保负责人员了解其角色、职责和流程。

• 已准备好模板，例如情况报告。

3 员工受过事件响应培训

Staff involved in managing an incident have received incident response training.

参与管理事件的工作人员接受过事件响应培训。

4

Up-to-date hard copy versions of the Cyber Incident Response Plan and playbooks are stored in a secure location (in case of electronic or hardware failure) and are accessible to authorised staff members.

网络事件响应计划和手册的最新硬拷贝版本存储在安全位置（以防出现电子或硬件故障），并且可供授权工作人员访问。

参考资料

ACSC Cyber Incident Readiness Checklist_A4.pdf