In order to define “incident response,” you first need to understand what constitutes a security incident. The Verizon report defines an incident as “a security event that compromises the integrity, confidentiality or availability of an information asset.” An incident could include an attack, that is, an intentional attempt to gain unauthorized access to damage or destroy a network. Or an incident could be a simple accident, such as an employee leaving a company laptop in a cab. An incident may or may not involve a breach, the theft of company information.
Cybersecurity incident response is a formal, organized approach for dealing with all kinds of security incidents. It usually involves an incident response plan (IPR), which lays out the steps that a company should follow after an incident occurs. These plans should include the incident response process for all of the most common types of incidents, including those listed below.