incidence response planThe documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information system(s).

What is Incident Response?

Incident response (IR) is the steps used to prepare for, detect, contain, and recover from a data breach.

What is an Incident Response Plan?

An incident response plan is a document that outlines an organization’s procedures, steps, and responsibilities of its incident response program.

Incident response planning includes the following details:

  • how incident response supports the organization’s broader mission
  • the organization’s approach to incident response
  • activities required in each phase of incident response
  • roles and responsibilities for completing IR activities
  • communication pathways between the incident response team and the rest of the organization
  • metrics to capture the effectiveness of its IR capabilities

It’s important to note that an IR plan’s value doesn’t end when a cybersecurity incident is over; it continues to provide support for successful litigation, documentation to show auditors, and historical knowledge to feed into the risk assessment process and improve the incident response process itself.

call now button