# More Cybersecurity Playbooks

# Appendix: Recommended Public Cybersecurity Playbooks, Frameworks, and Reference Resources

This playbook is intended to be practical and usable for SMEs, but readers may also want to compare it against other respected public cybersecurity resources.

The resources below are free, open-source, publicly available, or otherwise accessible references that can help organizations improve cybersecurity planning, controls, incident response, recovery, training, and governance.

Each organization should adapt cybersecurity guidance to its size, systems, risks, legal obligations, customers, vendors, and available resources.

# Government and Public-Sector Cybersecurity Frameworks

| Resource | Link | Best Use | Description |
| --- | --- | --- | --- |
| NIST Cybersecurity Framework 2.0 | NIST CSF 2.0 | Overall cybersecurity program structure | A widely used framework for organizing cybersecurity governance, risk management, identification, protection, detection, response, and recovery. Useful for comparing the structure of this playbook against a recognized standard. |
| NIST SP 800-61 Rev. 3 | NIST Incident Response Recommendations | Incident response program design | A detailed reference for incident response planning, detection, response, recovery, coordination, and improvement. Useful for organizations formalizing their Respond and Review sections. |
| CISA Cybersecurity Incident and Vulnerability Response Playbooks | CISA Incident and Vulnerability Response Playbooks | Incident and vulnerability response process comparison | Provides structured playbooks for incident response and vulnerability response. Although written for U.S. federal civilian agencies, many process ideas are useful for private-sector organizations. |
| CIS Critical Security Controls v8.1 | CIS Controls v8.1 | Prioritized cybersecurity controls | A practical control set that helps organizations prioritize concrete cybersecurity safeguards. Useful for comparing the Protect, Detect, and governance areas of this playbook. |
| CISA Four Cybersecurity Essentials for Businesses | CISA Four Cybersecurity Essentials | Simple business-facing cyber basics | A compact resource for basic business cyber hygiene, including employee training, strong passwords, software updates, and MFA. Useful for small businesses starting from a low maturity level. |

# Small Business and SME Cybersecurity Guides

| Resource | Link | Best Use | Description |
| --- | --- | --- | --- |
| NCSC Small Organisations Guide to Cyber Security | NCSC Small Organisations Guide | SME-friendly cyber basics | Clear guidance for small organizations covering backups, devices, accounts, scams, malware, and basic protection. Useful for non-technical readers and small teams. |
| Australian Cyber Security Centre Small Business Cyber Security Guide | ACSC Small Business Cyber Security Guide | Small-business checklist and guidance | Practical guidance for small businesses, including MFA, updates, backups, passphrases, scams, devices, and employee practices. |
| Australian Cyber Security Centre Essential Eight | ACSC Essential Eight | Control maturity and hardening comparison | A well-known mitigation model focused on practical technical controls such as application control, patching, MFA, backups, and macro restrictions. More technical than basic SME guides. |
| Canadian Centre for Cyber Security Baseline Controls for Small and Medium Organizations | Canadian Baseline Controls for SMOs | SME control baseline | A practical set of baseline cybersecurity controls designed for small and medium organizations. Useful for comparing control coverage and maturity. |
| ENISA Cybersecurity Guide for SMEs | ENISA Cybersecurity Guide for SMEs | SME cybersecurity planning | A European SME-focused guide with practical steps for securing systems and business operations. Useful for organizations wanting an EU perspective. |
| ENISA SMEs Cybersecurity Resources | ENISA SMEs Cybersecurity | SME guidance and maturity resources | A collection of SME cybersecurity resources, including awareness, risk, cloud security, and business continuity support. |
| FTC Cybersecurity for Small Business | FTC Cybersecurity for Small Business | Small-business education and risk topics | Practical U.S. small-business guidance on cybersecurity basics, phishing, ransomware, vendors, email authentication, and data protection. |
| Cyber Readiness Institute | Cyber Readiness Institute | Small-business training and readiness | Free resources for small businesses focused on practical readiness, employee behavior, and basic security management. |

# Incident Response, Ransomware, and Emergency Guidance

| Resource | Link | Best Use | Description |
| --- | --- | --- | --- |
| CISA Ransomware Response Checklist | CISA Ransomware Response Checklist | Ransomware emergency response | A direct checklist for responding to ransomware. Useful as a companion to the Emergency Kit and Respond sections. |
| StopRansomware Guide | StopRansomware Guide | Ransomware prevention and response | A detailed ransomware prevention and response guide from U.S. government partners. Useful for ransomware-specific planning and response annexes. |
| SANS Incident Handler’s Handbook | SANS Incident Handler’s Handbook | Incident response process reference | A practical incident handling reference that explains incident phases and includes incident handler checklist concepts. Useful for technical and management responders. |
| FIRST CSIRT Services Framework | FIRST CSIRT Services Framework | Incident response team capability planning | A structured reference for services and functions that incident response teams may provide. More advanced, but useful for organizations building a formal CSIRT or response capability. |
| NCSC Exercise in a Box | NCSC Exercise in a Box | Tabletop exercises and practice | Free cyber exercise material for practicing response to cyber incidents. Useful for the Educate, Respond, and Review sections. |

# Threat, Detection, and Technical Reference Resources

| Resource | Link | Best Use | Description |
| --- | --- | --- | --- |
| MITRE ATT&CK | MITRE ATT&CK | Threat-informed detection and response | A globally used knowledge base of attacker tactics and techniques. Useful for improving detection coverage, incident review, and technical response planning. |
| OWASP Software Assurance Maturity Model | OWASP SAMM | Software security maturity | An open framework for improving software security programs. Useful for organizations that build applications, manage developers, or operate web platforms. |
| OWASP Application Security Verification Standard | OWASP ASVS | Application security requirements and testing | A technical standard for application security verification. Useful for development teams, web application owners, and software vendors. |
| OWASP Cheat Sheet Series | OWASP Cheat Sheets | Practical developer security guidance | Practical security guidance for developers and technical teams across common security topics. Useful for role-based developer training and secure development practices. |

# Public and Open-Source Playbook Collections

| Resource | Link | Best Use | Description |
| --- | --- | --- | --- |
| Microsoft Incident Response Playbooks | Microsoft Incident Response Playbooks | Microsoft environment incident response | Microsoft-focused playbooks for scenarios such as phishing, password spray, and malicious app consent. Useful for organizations using Microsoft 365, Entra ID, Defender, or Azure. |
| AWS Incident Response Playbook Samples | AWS Incident Response Playbooks | Cloud incident response examples | Open playbook samples for AWS incident scenarios. Useful for organizations using AWS or wanting examples of cloud-specific response workflows. |
| Awesome Incident Response | Awesome Incident Response | DFIR tools and incident response references | A community-maintained list of incident response tools and resources. Useful for technical teams researching tooling and response methods. |
| Awesome Playbooks | Awesome Playbooks | Large playbook and script collection | A community-maintained collection of incident response playbooks and scripts. Useful for technical comparison, but organizations should validate content before using it operationally. |
| LetsDefend Incident Response Playbooks | LetsDefend Incident Response Playbooks | Practical incident scenario examples | Community playbooks for common incident types. Useful for training, SOC practice, and comparison with internal procedures. |
| SOCFortress Playbooks | SOCFortress Playbooks | SOC analyst workflows | Public playbooks and workflows for SOC-style incident response. More technical, but useful for detection and response teams. |