1
Jul2026
ASIS Victoria Cyber for Physical Security Series - Incident Response Plan and Management
Review of Webinar 4 of 4
On Wednesday 24th June we concluded our webinar series of "Cyber for Physical Security"
Before we continue with the summary, on behalf of the ASIS Victoria Chapter committee, I would like to extend our thanks to Richard Magalad from ITR Australia for presenting this amazing series.
Cybersecurity Incident Response Plan – Summary
This presentation outlines how organisations should prepare for, respond to, and recover from cybersecurity incidents affecting physical security systems. It emphasises structured planning, clearly defined roles, and alignment with broader risk and business continuity strategies.
Key Highlights
Incident vs Event
An event is routine and expected; an incident compromises security and requires a coordinated response.
Incident Response Plan (IRP)
A documented, repeatable process to detect, respond, and recover from incidents.
Eliminates reactive decision-making and ensures consistency under pressure.
Governance & Decision-Making
Clearly define authority, escalation paths, and responsibilities.
IRP should be built from the organisation’s risk register.
Incident Response Team (IRT)
Cross-functional team including executives, IT, security consultants, legal, and communications.
Physical security plays a key role bridging IT and site operations.
Playbooks & Communication
Predefined response scenarios (e.g., CCTV failure, perimeter breach).
Structured internal and external communication is critical during incidents.
Response Objectives
Minimise impact, restore services within tolerance, inform decision-makers, and prevent recurrence
Framework (NIST-aligned)
Govern → Identify → Protect → Detect → Respond → Recover → Lessons Learned.
Business Continuity & Disaster Recovery (BCDR)
Activated when impact exceeds incident thresholds.Focuses on maintaining acceptable operations, not necessarily full restoration.
Key Metrics
RTO, MTD, MTO, and RCO define acceptable downtime and recovery expectations.
Critical Incidents (Examples)
System-wide CCTV failure, access control breaches, power outages, coordinated cyberattacks, and physical intrusions.
Escalation Triggers
Duration, multi-system impact, safety risks, total visibility loss, or confirmed hostile activity.
Overall Insight
A mature incident response capability relies on preparation, governance, and integration with risk management. Organisations must move from reactive responses to structured, rehearsed processes that prioritise resilience and business continuity.
