Back to glossary

Incident Response

An organized approach to addressing and managing the aftermath of a security breach or cyberattack.

AbbreviationIR
Categorysecurity

Overview

Incident Response (IR) is the process by which an organization handles a data breach or cyberattack, including the way the organization attempts to manage the consequences of the attack. The goal is to limit damage and reduce recovery time and costs.

The SANS Incident Response Steps

  1. Preparation: Establishing an IR team and tools.
  2. Identification: Detecting and validating the incident.
  3. Containment: Limiting the scope and impact of the breach.
  4. Eradication: Removing the threat from the environment.
  5. Recovery: Restoring systems to normal operation.
  6. Lessons Learned: Documenting the incident to improve future response.

Incident Response Plan (IRP)

A formal document that outlines the procedures to be followed in the event of a security incident, ensuring a consistent and effective response.

Related Terms

Digital ForensicsBusiness Continuity PlanningDisaster Recovery PlanningIndicators of Compromise