The term incident response can be applied to any operational issue, such as a service that goes down due to a hardware problem. However, some organizations use the term exclusively for cybersecurity incidents.
Detect and verify the incident.
Identify the correct incident response team.
Assign roles and responsibilities for the incident response.
Notify incident response team.
Create an incident ticket.
Identify affected systems, assets and services.
Categorize the incident and assign a severity level.
Use preexisting incident response plans.
Use preexisting procedures for incident resolution.
Communicate and escalate the incident.
Manage stakeholder communications.
Update the incident ticket with everything that you do.
Collect and preserve evidence before making changes; record a hash of each item and who handled it.
Analyze and troubleshoot the incident.
Isolate affected systems.
Use monitoring tools.
Analyze logs and system events.
Employ debugging and diagnostic tools.
Review configuration and settings.
Review recent changes leading up to incident.
Identify and test a solution.
Implement temporary fixes.
Rebuild and recover.
Restore systems from backup, using a backup taken before the compromise and only after the attacker's access has been removed.
Validate the integrity of fixes.
Identify the root cause.
Remove malware or unauthorized access.
Patch or fix vulnerabilities.
Apply permanent fixes.
Monitor for any signs of recurrence.
Conduct a post-incident review.
Comply with any regulatory reporting requirements.
Update the incident response plan.
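The following Python script is an added example, not code from the original page. It ties several of the steps above together in one runnable helper: creating an incident ticket, categorizing it and deriving a severity level, preserving evidence with SHA-256 digests and a collector name (a simple chain of custody), and updating the ticket with every action as a hash-chained timeline, so that any later tampering with the record is detectable. The severity matrix, the ticket identifier, the analyst names and the sample log excerpt are all assumptions constructed for the example.

```python
"""Hypothetical incident ticket helper (added example, not from the original page).

Assumptions: severity is derived from an incident category plus how many assets
are affected; evidence is preserved by recording its SHA-256 digest and collector;
every action is appended to a hash-chained timeline so edits can be detected.
"""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed severity matrix: category -> base level, 1 (highest) to 4 (lowest).
SEVERITY_BY_CATEGORY = {
    "unauthorized_access": 1,
    "malware": 2,
    "denial_of_service": 3,
    "hardware_failure": 4,
}
GENESIS_HASH = "0" * 64  # prev_hash of the first timeline entry


def severity_level(category: str, affected_assets: int) -> int:
    """Map category and blast radius to a level; widespread impact raises it one step."""
    base = SEVERITY_BY_CATEGORY.get(category, 4)
    if affected_assets >= 10:
        base = max(1, base - 1)
    return base


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_hash(entry: dict) -> str:
    """Hash every field of a timeline entry except its own hash, in a canonical order."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


@dataclass
class IncidentTicket:
    ticket_id: str
    category: str
    affected_assets: list
    severity: int = field(init=False)
    evidence: list = field(default_factory=list)
    timeline: list = field(default_factory=list)

    def __post_init__(self):
        self.severity = severity_level(self.category, len(self.affected_assets))
        self.record("ticket_created", f"category={self.category} severity={self.severity}")

    def record(self, action: str, detail: str, when: str = None) -> str:
        """Append an action to the ticket; each entry commits to the previous one."""
        when = when or datetime.now(timezone.utc).isoformat()
        prev = self.timeline[-1]["entry_hash"] if self.timeline else GENESIS_HASH
        entry = {"when": when, "action": action, "detail": detail, "prev_hash": prev}
        entry["entry_hash"] = _entry_hash(entry)
        self.timeline.append(entry)
        return entry["entry_hash"]

    def preserve_evidence(self, name: str, content: bytes, collected_by: str) -> str:
        """Record an evidence item's digest, size and collector, and log the collection."""
        digest = sha256_hex(content)
        self.evidence.append({"name": name, "sha256": digest,
                              "size": len(content), "collected_by": collected_by})
        self.record("evidence_collected", f"{name} sha256={digest} by {collected_by}")
        return digest

    def evidence_matches(self, name: str, content: bytes) -> bool:
        """Later check (e.g. in the post-incident review) that a copy is unchanged."""
        return any(e["name"] == name and e["sha256"] == sha256_hex(content)
                   for e in self.evidence)

    def verify_timeline(self) -> bool:
        """Recompute every entry hash and link; False if any entry was altered or removed."""
        prev = GENESIS_HASH
        for entry in self.timeline:
            if entry["prev_hash"] != prev or _entry_hash(entry) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def demo() -> dict:
    """Walk one constructed incident through the steps and return the checks."""
    # Constructed sample log excerpt standing in for a collected auth log.
    auth_log = b"Jan 10 03:14:07 web-01 sshd[812]: Accepted password for root from 198.51.100.23\n"
    ticket = IncidentTicket("INC-0001", "unauthorized_access", ["web-01", "web-02"])
    ticket.preserve_evidence("web-01_auth.log", auth_log, "analyst-a")
    ticket.record("isolated", "web-01 and web-02 removed from the load balancer")
    intact = ticket.verify_timeline()
    ticket.timeline[1]["detail"] = "edited after the fact"  # simulate tampering
    return {"severity": ticket.severity, "intact_before": intact,
            "intact_after_tamper": ticket.verify_timeline(),
            "evidence_ok": ticket.evidence_matches("web-01_auth.log", auth_log)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The timeline stores the action, not just the outcome, which is what the "update the ticket with everything that you do" step asks for; the hash chain adds nothing to the workload but means an evidence digest or isolation time cannot be quietly changed before the post-incident review.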