Identification refers to the first step in the incident response process where an organization determines whether they have been breached or not. Security professionals will seek indicators of compromise while in this step of incident response. They will attempt to find damage that’s been done to computer systems or a network, or evidence that data has been copied and removed from its secure locations within an environment or business system. Not every security breach yielded damage to networks or computers, they often amount to the theft of intellectual property or critical data such as financial records, health records or other Non-Public Personal Information (NPPI).
The ultimate purpose of Identification is to determine if an incident has occurred and whether to invoke an Incident Handling process or stand down the resources that are being marshalled to fight a potential breach.
Related Terms: Containment, Eradication, Recovery, Revision, Incident Response
CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:
Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
The rapid rise of generative AI has unlocked enormous promise, but it’s also accelerating the arms race in...
Read more
Newly discovered Android banking Remote Access Trojan (RAT), dubbed Klopatra, has compromised more than 3,000...
Read more
In June 2025, KNP Logistics Group, a transport company in the UK with 500 trucks and nearly two centuries of...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
