Develop a Denial of Service Response Plan
Create a plan to detect and respond to service disruptions in video and telephony systems while maintaining service.
Plain language
A Denial of Service (DoS) response plan is like having a backup plan for when your video calls and internet phone services get disrupted by a cyber-attack. It’s important because without it, your business could suffer downtime, making it hard to communicate with clients or run operations smoothly.
Framework
ASD Information Security Manual (ISM)
Control effect
Proactive
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for communications systems
Official control statement
A denial of service response plan for video conferencing and IP telephony services contains the following:
- how to identify signs of a denial-of-service attack
- how to identify the source of a denial-of-service attack
- how capabilities can be maintained during a denial-of-service attack
- what actions can be taken to respond to a denial-of-service attack.
Why it matters
Without a DoS response plan, video conferencing and IP telephony outages may last longer, disrupting calls and business continuity.
Operational notes
Regularly exercise and update the DoS response plan, including indicators, source tracing steps, service continuity measures, and response actions.
Implementation tips
- Business managers should organise a workshop with IT staff to identify signs that could indicate a DoS attack, such as unusual slowness in making calls or interruptions in video conferencing. Note these signs in an easy-to-read guide for quick staff reference.
- IT teams should establish clear procedures to trace potential sources of these disruptions. This could involve using tools to monitor network traffic and identify unexpected influxes of data from unknown locations.
- System administrators should work on ensuring that essential services like video and telephony can be maintained, even in the event of a DoS attack. This may involve setting up backup servers or having secondary communication platforms ready.
- IT staff should draft actionable steps that staff can follow when a DoS attack is detected. This should include instructions for reporting the incident and contacting any external support services needed.
- The Human Resources team should train employees on what a DoS attack is and encourage them to report any service disruptions quickly. Provide examples of what to look for and how to report issues efficiently.
Audit / evidence tips
- Ask: the documented DoS response plan: Request to see the plan that outlines steps for detecting and handling DoS attacks on video and telephony services
  Good: The plan includes detailed detection methods, action steps, and contact information for critical team members
- Ask: to see logs of past disruptions: Request records of any service disruptions over the past year
  Good: Logs reflect a consistent reporting and action-taking approach, with all incidents assessed for potential DoS involvement
- Ask: evidence of resource allocation for maintaining services: Request to see how the organisation ensures continuous service during attacks
  Good: The organisation can demonstrate functional backup solutions that were tested and operational
- Ask: training records for staff on DoS awareness: Request training material or attendance lists
  Good: Evidence of regular training including all relevant staff, with materials explaining DoS response clearly
- Ask: records of simulations or tests of the DoS response plan: Request documentation of any drills carried out
  Good: Simulation results show realistic scenarios were tested, with outcomes analyzed and the plan updated based on findings
Cross-framework mappings
How ISM-1805 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 5.30 | ISM-1805 requires organisations to plan for DoS scenarios affecting video conferencing and IP telephony, including maintaining service ca... | |
| Supports (2) | | |
| Annex A 5.28 | ISM-1805 requires a documented DoS response plan including how to identify the source of a DoS attack and what actions to take in respons... | |
| Annex A 8.15 | ISM-1805 requires organisations to identify signs of a DoS attack and help identify its source for video conferencing and IP telephony se... | |
E8
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| E8-MF-ML2.12 | ISM-1805 requires a denial-of-service (DoS) response plan specifically for video conferencing and IP telephony, including identification,... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.