
Standard Categories for Incident Response

St Andrews CSIRT uses the "Standard Categories for Incident Response" to define cyber security incidents.

Other institutes are free to use these definitions. It is felt that the more places use defined standards, the more we can share information (as we are "speaking about the same things").

From 2018, the standard has been split into two parts:

Definitions: These are the definitions for each of the incident categories. Teams can use these definitions for their internal reporting.

Joint Metrics: If a team uses the standard categories, they are welcome to submit their data for comparison with other teams. This document explains how to go about this.

In addition to the standards, we have made our standard category playbooks and TheHive templates available for other organisations to use and adapt. There is a playbook and a template available for each of the incident categories.

Please get in touch if you have any questions about the standard:

Standard Categories for Incident Response 2.1 (PDF, 83 KB)

Standard Categories for Incident Response - Joint Metrics 2.1 (PDF, 59 KB)

Playbooks 1.2 (PowerPoint, 69 KB)

thehive templates 1.0 (ZIP, 17 KB)
