Incident Response
Definition
Incident response is the structured process by which an organisation responds to a cybersecurity incident: from detection and containment to recovery and root cause analysis.
An incident response process typically goes through six phases: preparation, detection and analysis, containment, eradication, recovery and post-incident evaluation. Each phase has specific tasks, roles and communication lines.
Speed is critical: the longer an attacker goes undetected, the greater the damage. Engaging an incident response retainer with a specialist like DEFION guarantees that an expert team is immediately available.
Good preparation includes developing an incident response plan, running regular tabletop exercises and establishing communication protocols for crisis situations.