An incident is a matter of when, not if, a compromise or violation of an organization’s
security will happen. The preparation of the Computer Incident Response Team (CIRT) through
planning, communication, and practice of the incident response process will provide the
necessary experience needed should an incident occur within your organization. Each phase from
preparation to lessons learned is extremely beneficial to follow in sequence, as each one builds
upon the other. The following phases will provide a basic foundation to be able to perform
incident response and allow one to create their own incident response plan.
This phase as its name implies deals with the
So, what is an incident response process?
At the end of the day, it’s a business process. In fact, an incident response process is a business process that enables you to remain in business. Quite existential, isn’t it? Specifically, an incident response process is a collection of procedures aimed at identifying, investigating and responding to potential security incidents in a way that minimizes impact and supports rapid recovery.
Take it from me and many of my friends who wear these battle scars… the more you can approach an incident response process as a business process – from every angle, and with every audience – the more successful you will be.
What’s the difference between an incident response process and incident response procedures?
Even though the terms incident response process and incident response procedures are often used interchangeably, we’ve used them in specific ways throughout this guide. An incident response process is the entire lifecycle (and feedback loop) of an incident investigation, while incident response procedures are the specific tactics you and your team will be involved in during an incident response process.