The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information system(s).
What is Incident Response?
Incident response (IR) is the set of steps used to prepare for, detect, contain, and recover from a data breach.
What is an Incident Response Plan?
An incident response plan is a document that outlines the procedures, steps, and responsibilities of an organization’s incident response program.
Incident response planning includes the following details:
- how incident response supports the organization’s broader mission
- the organization’s approach to incident response
- activities required in each phase of incident response
- roles and responsibilities for completing IR activities
- communication pathways between the incident response team and the rest of the organization
- metrics to capture the effectiveness of its IR capabilities
It’s important to note that an IR plan’s value doesn’t end when a cybersecurity incident is over; it continues to provide support for successful litigation, documentation to show auditors, and historical knowledge to feed into the risk assessment process and improve the incident response process itself.