Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack (an event also known as an IT incident, computer incident or security incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Ideally, incident response activities are conducted by the organization's computer security incident response team (CSIRT), a group that has been previously selected to include information security and general IT staff as well as C-suite level members. The team may also include representatives from the legal, human resources and public relations departments. The incident response team follows the organization's incident response plan (IRP), which is a set of written instructions that outline the organization's response to network events, security incidents and confirmed breaches.
Incident response is all about planning ahead and having a flight plan before it is necessary. Rather than being an IT-centric process, it is an overall business function that helps ensure an organization can make quick decisions with reliable information. Not only are technical staff from IT and security departments involved, so too are representatives from other core aspects of the business.