Incident Response Plan
Definition - What does Incident Response Plan mean?
An incident response plan is a systematic and documented method of approaching and managing situations resulting from IT security incidents or breaches. It is used in enterprise IT environments and facilities to identify, respond, limit and counteract security incidents as they occur.
Techopedia explains Incident Response Plan
An incident response plan ensures that an incident or breach is resolved or counteracted within the minimum possible time and with the least effect on an organization or its IT systems/environments. Typically, an incident response plan is a formal step-by-step process that is clearly defined within or as part of an organization's disaster recovery or business continuity plan (BCP).
According to the SANS Institute, an incident response plan has six components, as follows:
- Staff and organizational preparation
- Incident identification
- Breach containment
- Problem eradication
- Data recovery and services
- Formation of lessons learned, which are used for future audit requirements