partners documentation Watch Axonius+
Platform
Platform
By Category
Adapters
I Want To...

Gartner Hype Cycle: CAASM

CAASM is on the rise, says Gartner — but what exactly does this mean? Read the report to find out.

Get the Report
Solutions
Solutions
By Role
By Industry
I Want to...

Start Free Trial

Test drive Axonius for yourself. Sign up for a free, 30-day trial — no strings attached.

Get Started
Use Cases
Use Cases
Cybersecurity
IT and Infrastructure
I Want to....

Start Free Trial

Test drive Axonius for yourself. Sign up for a free, 30-day trial — no strings attached.

Get Started
Resources
Resources
Resources
Blog
I Want to....
Watch Now

Introducing: Axonius+

We wanted to try something new when it comes to our video content. The result? Axonius+. Check it out today.

Watch Now
About
About
About Axonius
Become an Axonian
Partners

Book Your Demo

See Axonius in action and learn what you can accomplish with a comprehensive understanding of all assets.

Sign Up Now
Book a Demo Get Free Trial
    Get Free Trial
    Book a Demo

      Glossary

      [resources, glossary, incident-response-plan]

      vulnerability management

      Incident Response Plan

      What is an Incident Response Plan?

      A cybersecurity incident response plan is a predetermined team, process, and workflow for how a company will respond to a cyber attack.

      In the field of cybersecurity, data breaches are considered inevitable. It’s not a matter of if, but when. When a data breach happens, it’s important to have a plan in place for how to deal with it — both from a technological perspective and from a customer relations and public relations point of view. The plan for such an event is known as an incident response plan, and it’s an important part of every cybersecurity model.

      Why should organizations have an Incident Response Plan?

      Some compliance frameworks, like the NIST framework, require an incident response plan. Further, some regulators, such as GDPR, have data breach reporting requirements, which an incident response plan is intended to expedite and support.

      Incident response plans offer organizations the following benefits:

      • Preparation for the future
      • Timeliness of responses, and workflows for prioritization
      • Streamlines communication across impacted personnel
      • Exposes potential gaps in security
      • Ensures that critical information is documented and shared across teams, and that lessons learned continue to adapt the plan over time

      Additionally, the documentation and reporting following an incident can be important for legal and compliance needs.

      What are the key components of an Incident Response Plan?

      The first consideration in building an incident response plan is the people who are going to be responsible for following and implementing it. An incident response team might include incident managers, security analysts, threat researchers, as well as stakeholders in senior management, HR, PR, and senior security staff. Third parties, such as legal teams or law enforcement agencies may also be included. 

      Once the team is established, a series of workflows, processes, and playbooks should be created to help the team triage and prioritize potential breaches. The plan should document clearly what to do and who to contact. This preparation phase should also include scenarios and exercises for a variety of different kinds of cyber attacks.

      When a data breach occurs, having a comprehensive IT asset inventory for cybersecurity is critical to ensure that all at-risk devices, programs, and teams are isolated and contained quickly and efficiently. This helps the team investigate other possible areas where the compromise may have occurred, and increases the rate at which employees are able to get back to work. 

      After the threat has been eliminated and patch management is in place, recovering normal services and communicating within the company — and with customers — is critical. 

      The last step of a solid incident response plan is to review what happened, identify ways to prevent it from happening again, and to adapt the plan given new information. A mature incident response plan includes automated vulnerability scanning and proactive threat hunting.

      Related Resources

      5 Cybersecurity Incident Response Metrics That Matter

      6 Essential Skills for Incident Responders

      When Asset Inventories Become Incident Response Exercises

      Strengthening CIS Control 19 With Cybersecurity Asset Management