
Incident Response is the set of activities that address the short-term, direct effects of an incident and may also support short-term recovery. In cybersecurity work, Incident Response is where a team responds to a crisis or urgent situation within their entity to mitigate immediate and potential threats to business operations. Incident Response plans should include various phases of prescribed activities, including incident (1) Identification, (2) Containment, (3) Eradication, (4) Recovery, and (5) Revision.
Incident response plans should be written and tested. They must place the protection of human lives above any other activity. For example, if an ambulance dispatch system is compromised by hackers but is otherwise performing its functional duties, the first law of Incident Response – protection of human life – means you cannot necessarily move to the Containment and Eradication phases until a suitable replacement service is stood up to prevent a potential loss of life.
Synonym: Identification, Containment, Eradication, Recovery, Revision
Related Term: Recovery
Source: Workforce Framework
