What is Incident Response?
Incident response refers to the process by which an organization addresses or manages a cyber attack or data breach on their IT assets. This includes minimizing the effect of the attack and remediating the cause to reduce the risk of a future attack.
What are the three key elements of Incident Response?
The three key elements of incident response are:
- Team. Ensuring you have the right team in place to address the incident. This team should include stakeholders from IT, Legal, Human Resources, Corporate Communications, Risk Management, Executive, and third-party security forensic experts.
- Plan. Having a comprehensive incident response plan in place. The plan should outline how to prepare the team to handle an incident, how to detect and evaluate an incident once it has occurred, how to contain the damage, how to determine the impact and risks, how to find and remediate the root cause, how to resolve the incident, and how to prevent future incidents.
- Tools. Having the right tools in place to minimize incidents that could cause damage to an organization and their customers.