Incident Response Plan

Why Trust Techopedia

What Does Incident Response Plan Mean?

An incident response plan is a document that specifies how an organization will limit the risk of negative consequences should an incident occur that violates an organization's policies for acceptable use.

Advertisements

Incidents are often categorized by the type of risk they pose to continued operations. A cybersecurity incident response plan, for example, provides step-by-step instructions for what employees should do in response to the following types of events:

The purpose of an incident response plan is to clearly document responsibilities and linear workflows so everyone is on the same page should an event occur.

Techopedia Explains Incident Response Plan

An incident response plan ensures that an incident or breach is resolved or counteracted within the minimum possible time and with the least effect on an organization and its IT systems/environments.

The plan can be a discrete document or included as part of a larger disaster recovery and business continuity plan (BCP).

According to the SANS Institute, every incident response plan should have these six components:

  1. Staff training
  2. Incident identification
  3. Breach containment
  4. Problem eradication
  5. Data recovery
  6. Lessons learned
Advertisements

Related Terms

Margaret Rouse
Editor

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…