What is incident response?

Incident response refers to the processes an organization employs to help detect, respond to, and recover from security incidents. It's essentially an emergency plan with step-by-step guidelines, similar to how most buildings have predefined evacuation routes.

What are the steps of an incident response plan?

While every organization may have different structures and terminology, generic steps of most plans include:

  • Preparation – compile a list of assets, and identify risks to those assets.
  • Detection – discover and analyze the security incident.
  • Containment, Eradication, and Recovery – contain the incident, remove the threat, and restore affected assets.
  • Post-incident analysis – determine how the incident occurred, and take measures to reduce the probability of similar incidents in the future.

Why is incident response so important?

Failing to prepare is preparing to fail. Incident response plans set the stage for accurate and efficient recovery from security incidents. Without a plan, organizations would struggle to quickly identify threats and mitigate damages.

What’s your role regarding incident response?

An organization’s incident response plan won’t work unless employees report incidents as soon as they notice them. Your role, therefore, is to stay alert and report incidents immediately. The longer something goes unreported, the more damage it could cause.

What’s an example of reporting incidents?

Imagine you have a keycard that grants you access to a highly secured area of a building. One day, you come to work and find the door to that secured area left open. You could simply close the door and go about your day. But doing so prevents your organization from investigating the incident. Why was the door left open? Who left it open? Was it just a mistake? Did someone manage to break in? None of those questions get answered if you fail to report the incident.

In short, an incident response plan empowers organizations to develop policies that prioritize the security of the employees, clients, customers, and business associates. If you have any questions or need more information, please ask!

Our Security Plus Package offers weekly micro-trainings and quick quizzes to help educate your employees on cybersecurity threats. If you are interested in learning more, please contact us for more info and pricing.

Tracy Hardin

Tracy Hardin is President and founder of Next Century Technologies in Lexington, KY. She has a bachelor's degree in computer science from the University of Kentucky and has earned certifications from Novell, Cisco and CompTIA. Her specialties in the field of IT are network design and security, project management and improving productivity through technology. She loves helping people by sharing her knowledge of tech.
