News Article

1

Jul
2026

ASIS Victoria Cyber for Physical Security Series - Incident Response Plan and Management

Review of Webinar 4 of 4

On Wednesday 24th June we concluded our webinar series of "Cyber for Physical Security"

Before we continue with the summary, on behalf of the ASIS Victoria Chapter committee, I would like to extend our thanks to Richard Magalad from ITR Australia for presenting this amazing series. 

 

Cybersecurity Incident Response Plan – Summary

This presentation outlines how organisations should prepare for, respond to, and recover from cybersecurity incidents affecting physical security systems. It emphasises structured planning, clearly defined roles, and alignment with broader risk and business continuity strategies.


Key Highlights

Incident vs Event

An event is routine and expected; an incident compromises security and requires a coordinated response.

Incident Response Plan (IRP)

A documented, repeatable process to detect, respond, and recover from incidents.

Eliminates reactive decision-making and ensures consistency under pressure. 

Governance & Decision-Making

Clearly define authority, escalation paths, and responsibilities.

IRP should be built from the organisation’s risk register. 

Incident Response Team (IRT)

Cross-functional team including executives, IT, security consultants, legal, and communications.

Physical security plays a key role bridging IT and site operations.

Playbooks & Communication

Predefined response scenarios (e.g., CCTV failure, perimeter breach).

Structured internal and external communication is critical during incidents. 

Response Objectives

Minimise impact, restore services within tolerance, inform decision-makers, and prevent recurrence

Framework (NIST-aligned)

Govern → Identify → Protect → Detect → Respond → Recover → Lessons Learned. 

Business Continuity & Disaster Recovery (BCDR)

Activated when impact exceeds incident thresholds.Focuses on maintaining acceptable operations, not necessarily full restoration. 

Key Metrics

RTO, MTD, MTO, and RCO define acceptable downtime and recovery expectations. 

Critical Incidents (Examples)

System-wide CCTV failure, access control breaches, power outages, coordinated cyberattacks, and physical intrusions. 

Escalation Triggers

Duration, multi-system impact, safety risks, total visibility loss, or confirmed hostile activity. 

Overall Insight

A mature incident response capability relies on preparation, governance, and integration with risk management. Organisations must move from reactive responses to structured, rehearsed processes that prioritise resilience and business continuity.