ASD's Blueprint for Secure Cloud

Cyber Security Incidents

This page provides a template and guidance to assist organisations in documenting their approach to managing and responding to cyber security incidents associated with their system(s) built on ASD's Blueprint for Secure Cloud.

Estimated reading time: 3 minutes

As <ORGANISATION-NAME>’s overall approach to implementing controls related to Cyber Security Incidents is consistent across all controls addressed within this section, it does not delve into subsections but rather addresses the controls as a group. This approach is also consistent with ASD’s Guidelines for Cyber Security Incidents.


ISM controls relating to cyber security incidents are applicable to ensuring <SYSTEM-NAME>receives appropriate overarching governance of cyber security matters within <ORGANISATION-NAME> and are covered by this section of the SSP.

<ORGANISATION-NAME> is responsible for implementing administrative controls to govern the direct management of, and response to the cyber security incidents for <SYSTEM-NAME>.


Organisational policies and processes implemented

<ORGANISATION-NAME>’s management of cyber security incidents relating to <SYSTEM-NAME> is performed in line with <ORGANISATION-NAME>’s Cyber Security Incident Management Policy and Cyber Security Incident Response Plan, which include the reporting of incidents to <ORGANISATION-NAME>’s CISO and to ASD in a timely manner. These documents are exercised annually.

In accordance with the <SYSTEM-NAME> Incident Response Plan (IRP), <ORGANISATION-NAME> will also liaise with Microsoft regarding the response to incidents that cover elements relating to their shared responsibility for <SYSTEM-NAME>.

All recorded incidents for <SYSTEM-NAME> are documented in its Cyber Security Incident Register.

The management of the threat that trusted insiders pose to <SYSTEM-NAME> is addressed as part of the <ORGANISATION-NAME>’s Trusted Insider Program.


Technical controls implemented

<SYSTEM-NAME> utilises the Microsoft 365 Defender portal and <SIEM-PRODUCT> to assist in the identification of cyber security incidents. Specific capabilities include the Incident Queue and Action Centre views.

<ORGANISATION-NAME> has established a Security Operations Centre (SOC), a Cyber Security Incident Register, and an IRP to meet the requirements outlined in the SSP Annex.


Security & Governance



  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra