It’s Not Over When the Breach Happens
How a US company responds to a security incident can be more damaging than the incident itself if handled poorly. A well-rehearsed **Incident Response (IR) Plan** is crucial.
Phases of Incident Response
- Preparation: Having the plan, the team, and the tools ready.
- Identification: Detecting the incident and determining its scope.
- Containment: Stopping the spread of the attack.
- Eradication: Removing the attacker and their tools from the environment.
- Recovery: Restoring systems to normal operation.
- Post-Incident Activity: Learning from the incident and improving defenses.
The Team
A good IR plan defines roles and responsibilities – who makes decisions, who talks to the press, who contacts legal counsel.
