Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Incident Response Plan
Definition - What does Incident Response Plan mean?
An incident response plan is a systematic and documented method of approaching and managing situations resulting from IT security incidents or breaches. It is used in enterprise IT environments and facilities to identify, respond, limit and counteract security incidents as they occur.
Techopedia explains Incident Response Plan
An incident response plan ensures that an incident or breach is resolved or counteracted within the minimum possible time and with the least effect on an organization or its IT systems/environments. Typically, an incident response plan is a formal step-by-step process that is clearly defined within or as part of an organization's disaster recovery or business continuity plan (BCP).
According to the SANS Institute, an incident response plan has six components, as follows:
- Staff and organizational preparation
- Incident identification
- Breach containment
- Problem eradication
- Data recovery and services
- Formation of lessons learned, which are used for future audit requirements
-
The Cybersecurity Blueprint: A Four-Part Model for Providing Comprehensive Layered Security - Cyberattacks have increased in both number and severity over the past few years; ransomware alone is responsible for roughly $5 billion USD in 2017. Cyberthreats loom over both individuals and businesses.
