Incident Playbooks

Response procedure for suspected or confirmed compromise of classified defence information. Covers containment, Defence notification, investigation, and remediation.

Response procedure for detected or suspected cyber intrusion including network breach, malware infection, or unauthorised system access.

Response procedure for unauthorised physical access to secure areas, security zones, or classified material storage facilities.

Response procedure for suspected insider threat activity including espionage, sabotage, unauthorised disclosure, or suspicious behaviour by cleared personnel.

Response procedure for loss, theft, or unaccounted classified material including documents, storage media, or equipment.

Response procedure for suspected foreign intelligence service targeting, social engineering, or foreign interference attempts against personnel or the organisation.