U.S. Department of Justice, Computer Crime and Intellectual Property Section, Cybersecurity Unit, Best Practices for Victim Response and Reporting of Cyber Incidents (Ver. 1.0) (Apr. 2015) (full-text).
This document was drafted to assist organizations in preparing a cyber incident response plan and, more generally, in preparing to respond to a cyber incident. It reflects lessons learned by federal prosecutors while handling cyber investigations and prosecutions, including information about how cyber criminals' tactics and tradecraft can thwart recovery. It also incorporates input from private sector companies that have managed cyber incidents. It was drafted with smaller, less well-resourced organizations in mind; however, even larger organizations with more experience in handling cyber incidents may benefit from it.