Incident Response Plan

  1. Preparation
    1. This is everything that occurs before the incident: training, logging, identifying critical resources, etc.
  2. Identification
    1. Determining whether a breach has occurred and gathering as much information as possible
  3. Containment
    1. Mitigating damage and preventing further spread
  4. Eradication
    1. Ensuring that malicious access and content are removed from your systems
  5. Recovery
    1. Restoring systems to business as usual
  6. Lessons Learned
    1. Review of what happened to find areas of improvement.
    2. Has to be carried out no later than 2 weeks after the incident[2]

Metadata

Sources

What are the 6 Phases in a Cyber Incident Response Plan?
SP 800-61 Rev. 2, Computer Security Incident Handling Guide | CSRC
TryHackMe | Cyber Security Training
incident response plan - Glossary | CSRC
CISA.gov | Incident-Response-Plan-Basics

Tags

#defs_sec


  1. incident response plan - Glossary | CSRC

  2. What are the 6 Phases in a Cyber Incident Response Plan?