Incident Response Readiness Score Calculator

ANALife Services AuthorityNational Calculator Authority›Incident Response Readiness Score Calculator

.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }

Incident Response Readiness Score Calculator

Evaluate your organization's incident response preparedness across six critical domains. Answer each question on a scale of 0–4 to receive a weighted readiness score and maturity rating.

1. IR Plan & Documentation (Weight: 20%)

Documented IR plan exists and is approved:

0 – No plan exists 1 – Draft exists, not approved 2 – Approved but outdated (>2 years) 3 – Approved and reviewed within 1 year 4 – Approved, reviewed within 6 months, version-controlled

Plan covers all incident types (malware, DDoS, insider, data breach):

0 – Not covered 1 – Covers 1 incident type 2 – Covers 2 incident types 3 – Covers 3 incident types 4 – Covers all major incident types

Roles and responsibilities clearly defined (RACI):

0 – No roles defined 1 – Informally assigned 2 – Partially documented 3 – Documented, not tested 4 – Documented, tested, and understood by all

2. Detection & Analysis Capabilities (Weight: 20%)

SIEM / log aggregation in place:

0 – No centralized logging 1 – Basic syslog only 2 – SIEM deployed, minimal tuning 3 – SIEM with custom rules and alerts 4 – SIEM with UEBA, threat intel feeds, and tuned alerts

Endpoint Detection & Response (EDR) coverage:

0 – No EDR 1 – <25% endpoints covered 2 – 25–50% endpoints covered 3 – 51–90% endpoints covered 4 – >90% endpoints covered with active monitoring

Mean Time to Detect (MTTD) known incidents:

0 – Unknown / not measured 1 – >30 days 2 – 7–30 days 3 – 1–7 days 4 – <24 hours

3. Containment, Eradication & Recovery (Weight: 20%)

Incident-specific playbooks available:

0 – No playbooks 1 – 1–2 playbooks (ad hoc) 2 – 3–5 playbooks 3 – 6–10 playbooks, regularly reviewed 4 – Comprehensive playbook library, automated where possible

Ability to isolate/contain compromised systems:

0 – No capability 1 – Manual, slow process (>4 hours) 2 – Manual, moderate speed (1–4 hours) 3 – Semi-automated (<1 hour) 4 – Automated containment (<15 minutes)

Backup and recovery capability tested:

0 – No backups 1 – Backups exist, never tested 2 – Tested >1 year ago 3 – Tested within 6–12 months 4 – Tested within 3 months, RTO/RPO documented and met

4. Communication & Escalation (Weight: 15%)

Communication plan for internal and external stakeholders:

0 – No plan 1 – Informal verbal process 2 – Partially documented 3 – Documented, includes legal/PR/exec 4 – Documented, tested, includes regulators and customers

Escalation thresholds and criteria defined:

0 – Not defined 1 – Informally understood 2 – Partially documented 3 – Documented by severity level 4 – Documented, automated alerts trigger escalation

Legal, regulatory, and breach notification requirements understood:

0 – Not understood 1 – Aware but not documented 2 – Partially documented (e.g., GDPR or HIPAA only) 3 – All applicable regulations documented 4 – Documented, legal counsel engaged, notification templates ready

5. Training & Exercises (Weight: 15%)

IR team training and certifications (e.g., GCIH, GCFE):

0 – No formal training 1 – Ad hoc / self-study only 2 – Annual training, no certifications 3 – Regular training, some certifications 4 – Continuous training program, certified IR staff

Tabletop exercises conducted:

0 – Never conducted 1 – Once, >2 years ago 2 – Annually 3 – Semi-annually with lessons learned 4 – Quarterly, multi-scenario, with exec participation

Red team / penetration testing exercises:

0 – Never conducted 1 – Once, >2 years ago 2 – Annual external pentest only 3 – Annual red team + pentest 4 – Continuous red team, purple team exercises, findings tracked

6. Post-Incident & Continuous Improvement (Weight: 10%)

Post-incident reviews (PIR) / lessons learned conducted:

0 – Never conducted 1 – Informally, no documentation 2 – Documented for major incidents only 3 – Documented for all incidents, shared with team 4 – Documented, tracked to closure, fed back into plan updates

IR metrics tracked (MTTD, MTTR, incident volume, false positive rate):

0 – No metrics tracked 1 – 1 metric tracked informally 2 – 2–3 metrics tracked 3 – 4+ metrics tracked and reported 4 – Full KPI dashboard, reported to leadership, trend analysis

Threat intelligence integrated into IR process:

0 – No threat intel used 1 – Ad hoc public feeds only 2 – Commercial TI feed, not integrated 3 – TI integrated into SIEM alerts 4 – TI platform integrated, IOCs auto-blocked, sector-specific feeds

Calculate Readiness Score

### Your IR Readiness Score

Domain Raw Score Max Weight Weighted

function incCalc() { // Collect raw scores per question var ids = [ "inc-plan-exists","inc-plan-scope","inc-roles", "inc-siem","inc-edr","inc-mttd", "inc-playbooks","inc-isolation","inc-backups", "inc-comms-plan","inc-escalation","inc-legal", "inc-training","inc-tabletop","inc-redteam", "inc-pir","inc-metrics","inc-threat-intel" ];

var scores = ids.map(function(id) { return parseInt(document.getElementById(id).value, 10); });

// Domain definitions: [name, weight, question indices (0-based)] var domains = [ { name: "IR Plan & Documentation", weight: 0.20, idx: [0,1,2] }, { name: "Detection & Analysis", weight: 0.20, idx: [3,4,5] }, { name: "Containment, Eradication & Recovery",weight: 0.20, idx: [6,7,8] }, { name: "Communication & Escalation", weight: 0.15, idx: [9,10,11] }, { name: "Training & Exercises", weight: 0.15, idx: [12,13,14]}, { name: "Post-Incident & Improvement", weight: 0.10, idx: [15,16,17]} ];

// For each domain: raw = sum of question scores (max = 4 * num_questions) // Domain percentage = raw / max * 100 // Weighted contribution = domain_percentage * weight // Final score = sum of weighted contributions (0–100)

var totalScore = 0; var tableHTML = ""; var weakDomains = [];

domains.forEach(function(d) { var raw = d.idx.reduce(function(sum, i) { return sum + scores[i]; }, 0); var maxRaw = d.idx.length * 4; var domainPct = (raw / maxRaw) * 100; var weighted = domainPct * d.weight; totalScore += weighted;

var pctDisplay = domainPct.toFixed(1); var weightedDisplay = weighted.toFixed(2);

tableHTML += "" + "" + d.name + "" + "" + raw + "" + "" + maxRaw + "" + "" + (d.weight*100).toFixed(0) + "%" + "" + weightedDisplay + "" + "";

if (domainPct = 85) { maturity = "Optimized (Level 5)"; color = "#2e7d32"; advice = "Your IR program is highly mature. Focus on continuous improvement, threat hunting, and sharing intelligence with sector peers."; } else if (totalScore >= 70) { maturity = "Managed (Level 4)"; color = "#558b2f"; advice = "Strong IR posture. Prioritize automation, purple team exercises, and closing gaps in weaker domains."; } else if (totalScore >= 50) { maturity = "Defined (Level 3)"; color = "#f9a825"; advice = "Foundational IR capabilities exist. Focus on testing plans, expanding playbooks, and improving detection speed."; } else if (totalScore >= 30) { maturity = "Developing (Level 2)"; color = "#e65100"; advice = "Significant gaps exist. Prioritize formalizing your IR plan, deploying detection tools, and conducting tabletop exercises."; } else { maturity = "Initial / Ad Hoc (Level 1)"; color = "#b71c1c"; advice = "Critical gaps across all domains. Immediate action required: establish an IR plan, assign roles, and deploy basic detection capabilities."; }

// Render results document.getElementById("inc-result").style.display = "block"; document.getElementById("inc-score-display").textContent = totalScore.toFixed(1) + " / 100"; document.getElementById("inc-score-display").style.color = color; document.getElementById("inc-maturity-label").innerHTML = "" + maturity + "";

var bar = document.getElementById("inc-score-bar"); bar.style.width = totalScore + "%"; bar.style.background = color;

document.getElementById("inc-domain-table").innerHTML = tableHTML;

var recHTML = "" + "Overall Assessment: " + advice + "";

if (weakDomains.length > 0) { recHTML += "Priority Improvement Areas (<50%):"; weakDomains.forEach(function(d) { recHTML += ""; }); recHTML += ""; }

document.getElementById("inc-recommendations").innerHTML = recHTML; document.getElementById("inc-result").scrollIntoView({behavior:"smooth"}); }

#### Formula

Domain Score (%) = (Sum of question scores in domain) / (4 × number of questions in domain) × 100 Weighted Domain Contribution = Domain Score (%) × Domain Weight Final IR Readiness Score (0–100) = Σ (Weighted Domain Contributions) Domain Weights: IR Plan & Documentation (20%) + Detection & Analysis (20%) + Containment/Eradication/Recovery (20%) + Communication & Escalation (15%) + Training & Exercises (15%) + Post-Incident & Improvement (10%) = 100%

#### Assumptions & References

More Calculators

Read Next

Study Time Planner Authority Network America › Life Services Authority › National Calculator Authority .calc-container { max-width: 640px;...

References

Related Authorities

Life Services Authority › Professional Services Authority › Trade Services Authority › United States Authority ›