Cybersecurity Planning

K12 SIX Releases Essential Cyber Incident Response Template for Schools

K12 Security Information Exchange today released a free Cyber Incident Response Runbook for U.S. public schools, a fill-in-the-blank style guide created specifically to help K–12 school leaders build an effective, comprehensive response plan for any type of cyber incident.

K12 SIX, a cyber threat information-sharing community and the nation’s only nonprofit dedicated solely to the cybersecurity needs of primary and secondary schools in the United States, developed the Runbook with input from K–12 IT professionals, the organization said in a news release.

The Cyber Incident Response Runbook aligns with the NIST Incident Response Lifecycle and is tailored to the needs and context of K–12 schools; it includes guidance for coordination with internal and external partners, and stakeholder communications and for managing student-initiated incidents, K12 SIX said.

The Runbook is the second in K12 SIX’s series of free cybersecurity guides for schools; the guides can be downloaded at The fill-in-the-blank guide is designed to be printed, marked up, and distributed to a school’s IT staff, offering a reminder that IT resources are likely to be inaccessible during a cyber incident.

The Runbook walks district leaders and IT staff through creating a step-by-step response plan for a cyberattack or suspected cyber incident, beginning with a list of names and contact information for a school district’s legal, IT, security, operations, finance, HR, insurance, and communications leaders both internally and externally. Also included on the "cyber incident contact list" are leaders in other departments, such as payroll and transportation, because a cyber incident is likely to halt access to a district’s network and communications systems, at least initially, as the Runbook notes.

The guide then walks district leaders, in great detail, through the four stages of building an effective cybersecurity incident response plan: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity.

“Trends point to a growing cybersecurity crisis facing the U.S. K–12 sector. Schools of all types and sizes, from coast to coast, have experienced significant cyber incidents,” said K12 SIX National Director Doug Levin. “Too many K-12 organizations have not adequately prepared for cyber incidents. The K12 SIX Essential Cyber Incident Response Runbook serves as a high-level checklist for school staff to organize their actions in the event of a cyber attack; it is a complement to other K12 SIX guidance and resources designed to help schools defend against attacks.”

The development of the K12 SIX Essential Cyber Incident Response Runbook was supported by Microsoft.

Learn more and download the guide from the Essentials page at

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].