Incident response (IR) is a structured approach to managing and addressing the aftermath of a security breach or cyberattack. The goal of incident response is to handle the situation in a way that limits damage and reduces recovery time and costs. An effective incident response plan can also aid in preventing future incidents and in fulfilling an organization’s legal and regulatory obligations.
Incident response proceeds through four steps:
- The incident is identified and reported
- The response team works to contain the threat
- The security team works to eradicate the threat
- Systems and data are restored to their normal state