Cybersecurity Checklists and Templates: Free Resources for Every Stage
Contact Us
Browse cybersecurity guides, AI tutorials, certification paths, career resources, practice labs, and checklists across all topics in the Cybersanso Learn Hub.
Incident Response Checklist
These checklists and templates are designed to be used directly, not adapted from scratch. Each one is based on standard security frameworks and real operational practice. No login, no email, no paywall.
Phase 1: Identification: Confirm that an incident has actually occurred (not a false positive). Determine the nature of the incident: malware, unauthorised access, data breach, DDoS, or insider threat. Identify affected systems, users, and data. Assess initial scope and severity. Notify the incident response team and management. Document everything with timestamps from this point forward.
Phase 2: Containment: Isolate affected systems from the network without powering them off (preserve forensic evidence). Block known attacker IP addresses or domains at the firewall. Disable compromised user accounts. Preserve logs and forensic evidence before containment actions can destroy them. Determine whether short-term containment is sufficient or whether longer-term measures are needed.
Phase 3: Eradication: Identify and remove all attacker footholds: malware, backdoors, and rogue accounts. Patch the vulnerability or misconfiguration that was exploited. Reset credentials for all affected accounts. Verify that all malicious code or access has been removed before proceeding to recovery.
Phase 4: Recovery: Restore systems from clean backups where possible. Verify system integrity before reconnecting to the network. Monitor recovered systems closely for re-infection. Gradually restore services starting with least critical. Confirm with business owners that systems are functioning normally.
Phase 5: Lessons Learned: Hold a post-incident review within 2 weeks. Document what happened, root cause, how it was detected, and response timeline. Identify what worked and what did not. Update detection rules, policies, and procedures based on findings. Communicate relevant findings to stakeholders.
Personal Security Audit Checklist and SaaS Security Review
Passwords audit: All accounts use unique passwords with no reuse across sites. All passwords are at least 16 characters. A password manager (Bitwarden or 1Password) is in use. Default passwords on all devices including routers, cameras, and printers have been changed.
Multi-factor authentication audit: MFA is enabled on email account (most critical as everything else resets via email). MFA is enabled on banking and financial accounts. MFA is enabled on social media accounts. MFA uses an authenticator app rather than SMS where possible.
Devices and updates audit: Operating systems on all devices have automatic updates enabled. Browser is up to date. Unused apps and software have been removed. Full disk encryption is enabled (FileVault on Mac, BitLocker on Windows). Have I Been Pwned check completed for all email addresses.
SaaS security quarterly review: Compile a full inventory of all SaaS applications in use across all departments. Verify that SSO is enforced for all SaaS apps that support it. Audit third-party OAuth permissions and revoke integrations no longer needed. Confirm MFA is enforced across all SaaS platforms with sensitive data access. Review user access: remove accounts for employees who have left. Check data residency compliance for each vendor.
- Incident response checklist: 5 phases from identification to lessons learned
- Personal cybersecurity audit: passwords, MFA, devices, accounts, backups
- Home lab setup guide: VirtualBox, Kali Linux, Metasploitable 2, network isolation
- SaaS security review: inventory, SSO, OAuth permissions, shadow IT, data residency
- Security+ study schedule: 90-day plan from content review to exam day
- Data breach response: notification requirements, evidence preservation, communication
Home Lab Setup Guide
A home lab lets you practice cybersecurity skills in a safe, legal, isolated environment. This guide sets one up using free software with minimal hardware requirements. Minimum: a computer with at least 8GB RAM, 100GB free disk space, and a 64-bit processor with virtualisation support enabled in BIOS.
Step 1: Install VirtualBox. Download from virtualbox.org. Free and runs on Windows, Mac, and Linux. Allows you to run multiple operating systems simultaneously as virtual machines on your host computer.
Step 2: Download and install Kali Linux. Get the VirtualBox OVA file from kali.org/get-kali. Import it into VirtualBox. Default credentials are kali/kali. Kali Linux is the standard penetration testing operating system with pre-installed security tools.
Step 3: Set up a vulnerable target. Metasploitable 2 is a deliberately vulnerable Linux VM ideal for practising exploitation basics, available from SourceForge. DVWA (Damn Vulnerable Web Application) provides web vulnerability practice. VulnHub provides a large library of downloadable vulnerable VMs.
Step 4: Critical network configuration. Set all lab VMs to Host-Only network mode in VirtualBox. This isolates vulnerable machines from your actual internet connection and home network. Your Kali machine can reach the targets; nothing in the lab can reach the internet.
Step 5: First exercises. Run nmap against Metasploitable 2 to discover open ports and services. Browse DVWA and attempt the SQL injection and XSS exercises at low security level first. Follow a TryHackMe free room alongside your lab for guided context on what you are practising.
No single LLM wins every category in 2025 - 2026:
• Claude (Anthropic) - best for coding (SWE-Bench) and long documents
• GPT-4o / GPT-5 (OpenAI) - best for reasoning (GPQA) and multimodal tasks
• Gemini 2.0 (Google) - best for ultra-long context (1M tokens) and video
The best LLM depends on your specific task, not the overall ranking.
• Developer: Claude = Anthropic, ChatGPT = OpenAI (GPT-4o / GPT-5)
• Coding: Claude leads on SWE-Bench Verified (real software engineering)
• Images & tools: ChatGPT/GPT-4o is more widely integrated
• Long docs: Claude is preferred for large context window tasks
• Tone: Claude is more cautious; ChatGPT is more versatile across apps
Best LLMs for coding (2025 - 2026):
1. Claude Opus/Sonnet (Anthropic) - #1 on SWE-Bench Verified
2. GPT-4o / o3 (OpenAI) - strong debugging & explanation
3. DeepSeek-V3 / R1 - frontier-class coding at low cost
4. Llama 4 / Code Llama (Meta) - best open-weight self-hosted option
5. Qwen 3 (Alibaba) - cheap, capable, open-weight
Cheapest LLM APIs in 2025 - 2026 (per million tokens):
• Qwen 3.5 0.8B - ~$0.01 (cheapest available)
• Gemma 3n (Google) - free tier via Google AI Studio
• Mistral 7B / Mixtral - $0.05 - $0.20 via Groq / Together AI
• GPT-4o mini (OpenAI) - ~$0.15 input / $0.60 output
• Claude Haiku (Anthropic) - ~$0.25 input / $1.25 output
Open-weight models via Groq or Together AI are 5 - 10x cheaper than proprietary APIs.
Choosing open-source vs proprietary LLM - 5 factors:
1. Data privacy - self-host open-weight models (Llama, Mistral) if data can't leave your infra
2. Cost - open-weight is cheaper at high token volumes
3. Customisation - open-weight models can be fine-tuned; proprietary usually can't
4. Performance - frontier proprietary models (Claude, GPT-5) still lead on hardest tasks
5. Maintenance - proprietary APIs are managed; self-hosting needs GPU infra + DevOps
Choosing open-source vs proprietary LLM - 5 factors:
1. Data privacy - self-host open-weight models (Llama, Mistral) if data can't leave your infra
2. Cost - open-weight is cheaper at high token volumes
3. Customisation - open-weight models can be fine-tuned; proprietary usually can't
4. Performance - frontier proprietary models (Claude, GPT-5) still lead on hardest tasks
5. Maintenance - proprietary APIs are managed; self-hosting needs GPU infra + DevOps