Incident response (sometimes called cybersecurity incident response) refers to an organization’s processes and technologies for detecting and responding to cyberthreats, security breaches or cyberattacks. The goal of incident response is to prevent cyberattacks before they happen, and to minimize the cost and business disruption resulting from any cyberattacks that occur.
A security incident, or security event, is any digital or physical breach that threatens the confidentiality, integrity or availability of an organization’s information systems or sensitive data. Security incidents can range from intentional cyberattacks by hackers or unauthorized users, to unintentional violations of security policy by legitimate authorized users.
As noted above, an organization’s incident response efforts are guided by an incident response plan. Typically these are created and executed by a computer security incident response team (CSIRT) made up of stakeholders from across the organization—the chief information security officer (CISO), security operations center (SOC) and IT staff, but also representatives from executive leadership, legal, human resources, regulatory compliance and risk management.
How to improve knowledge skills
Take courses, read books, listen to podcasts, ask for advice, and practice becoming a better communicator. Learn how to communicate with different types of people and understand the right level of detail to communicate. Ensure your communication — both written and verbal — relays accurate information.
The positive power of incident response