Using the CISA Incident Response Playbook at your Organization (IR211)

9:00 AM EDT – 1:00 PM EDT
Location type
Event type

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Using the CISA Incident Response Playbook at your Organization (IR211) event Thursday, June 13, 2024, from 9:00 a.m. EDT to 1:00 p.m. EDT. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability. 

Produced in accordance with Executive Order 14028, “Improving the Nation’s Cybersecurity,” CISA released the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks that provide federal civilian agencies with a standard set of procedures to respond to vulnerabilities and incidents impacting Federal Civilian Executive Branch (FCEB) networks. This course introduces students to the Incident Response Playbook that describes the process FCEB agencies should follow for confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out. The course will include a tabletop discussion format that follows a simulated IR event/scenario and guides students through the CISA IR checklist and IR phases. While the playbooks are intended for federal agencies, CISA encourages public and private sector partners to review them to help inform their own incident response practices.

Experience these benefits and more:

  • Key guidance for organizations: Introduce the CISA Incident Response (IR) Playbook with an overview of the IR phases, key resources, standardizing shared practices, and the Incident Response Checklist. Learn about roles, responsibilities, and the importance of communication during an incident response.
  • Lessons learned: This course also highlights lessons learned and common missteps when implementing an IR playbook.
  • Peer activity and discussion: A guided incident response tabletop scenario and discussion where students will be required to follow the IR process using the CISA IR checklist. The tabletop discussion will help students to better comprehend and apply critical thinking throughout the NIST/CISA IR process.


  • Date: Thursday, June 13, 2024 
  • Time: 9:00 a.m. EDT - 1:00 p.m. EDT
  • Location: Online via WebEx
  • CPE Credit: Participants can earn 4 CPE credits for attending this course.
  • Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.
  • Note: Audio is through WebEx; there is no external dial-in.
  • Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.

Due to participation requirements, please register no later than 48 hours before the course starts. Cyber Insights will not accept registrations made less than 48 hours before the course start.