Skip to content
cyber-security.eu
DEEN

Checklists and templates

A curated collection of practical checklists for baseline security, incident response, awareness and EU regulation. The content is editorial orientation and must be adapted to your organisation and legal context.

Overview

This page is a resource hub. Each category links to the matching topic page with background, controls and context. Downloadable templates will follow editorially.

Categories

Cybersecurity baseline check - core hygiene for any organisation: identities, endpoints, backups, logging. See Cyber security.

SME security check - pragmatic entry for smaller organisations without a dedicated security team. See Cyber security for SMEs.

Incident response plan - structure for handling incidents. See Incident response plan.

Ransomware first steps - what matters in the first hours. See Ransomware.

Phishing incident - detect, report, contain. See Phishing.

NIS2 preparation - scope, duties and evidence. See NIS2.

SOC and SIEM log sources - a sensible minimum set. See SOC and SIEM.

Security awareness - lasting programmes instead of one-off campaigns. See Security awareness.

MFA rollout - sequence, methods and pitfalls. See MFA.

Backup and restore test - 3-2-1, immutable and proven recovery. See Backup.

EDR/MDR selection - telemetry sources, response rights, data residency. See EDR and MDR.

Cloud security baseline check - identities, configuration, logging. See Cloud security.

Microsoft 365 security check - identities, conditional access, mail, audit. See Microsoft 365 security.

Account compromise first steps - sessions, rules, logs, escalation. See Account compromise.

Patch management baseline check - inventory, prioritisation, emergency window. See Patch management.

Vulnerability management process - scanning, assessment, remediation, verification. See Vulnerability management.

Zero trust foundations - identity, device, context, segmentation. See Zero trust.

How to use these checklists

Checklists do not replace a risk assessment. They surface gaps early and structure discussions. Adapt them to your sector, size and legal context before applying.

Note

All templates are editorial guidance. They do not replace individual legal or security advice. Regulatory topics such as NIS2 or DORA always require review by the responsible function in your organisation.

Checklist

  • Baseline: MFA, patching, backups, logging, awareness
  • SME: clear ownership even without an internal SOC
  • Incident response: roles, paths, contact list
  • Ransomware: isolate, preserve, communicate, verify
  • Phishing: report button, escalation, follow-up
  • NIS2: scope clarified, reporting paths defined
  • SIEM: at least identity, endpoint and mail logs
  • Awareness: continuous, not one-off

Related topics

Cybersecurity for business

Effective enterprise security combines governance with concrete technical and organisational controls. This page shows what decision makers and IT leaders should focus on first - calm, practical and clearly prioritised.

Cybersecurity for SMEs

SMEs do not need enterprise security architecture, but they do need the right basics. This page shows which measures deliver the most impact on a limited budget and which common mistakes are easy to avoid.

Incident response

A security incident requires a clear process, rehearsed roles and prepared communication. Improvising during an incident wastes time and creates mistakes. This page covers the phases, responsibilities and common pitfalls.

Incident response plan

A good incident response plan is short enough to be useful in a crisis and concrete enough to speed up decisions. This page describes a pragmatic structure and typical contents.

NIS2 - what organisations need to know

The NIS2 directive raises the cyber security bar in the EU noticeably. This page offers editorial orientation - not legal advice.

Ransomware: risks and first response

Ransomware remains one of the most expensive cyber risks. It is typically the result of a chain of weaknesses rather than a single click. This page covers typical patterns, effective controls and an orderly first response.

Phishing

Phishing remains one of the most common entry points. Modern attacks look professional, use trusted brands and adapt quickly. Technical filters, awareness and a simple report button belong together.

Multi-factor authentication

MFA significantly reduces the risk of compromised accounts. This page explains which methods actually work, where the weak points are and how to prioritise rollout in practice.

Backup

Backups are a core defence against data loss and ransomware. This page explains the 3-2-1 rule, offline and immutable backups, restore tests and common mistakes.

Cloud security

Cloud security combines safe configuration, strong identities, good logging and clear responsibility. This page outlines the core building blocks.

Microsoft 365 security

Microsoft 365 is the central workspace and identity ecosystem for many organisations. This page outlines the key security building blocks without admin step-by-step instructions.