Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Menu
Close
Incident response
Incident response

Incident response

Back to Decoder Back
Security Agile engineering practices Tool

A predetermined protocol to be followed in the event of a security incident. The response should mitigate or correct any problems.


A widely shared plan with the appropriate stakeholders describing what they should do and expect to see in the event of a security incident — for instance a cyber attack or stolen laptop.

What is it?

A widely shared plan detailing what actions to take in the event of an incident.

Learn more
What’s in it for you?

Fast incident response times, consistent approaches to problem-solving.

Learn more
What are the trade-offs?

Having an incident response plan isn’t as useful as having an incident response plan that you’ve tested.

Learn more
How is it being used?

Some regulators are making incident response plans a required element of compliance.

Learn more

What is it?


Incidents are common things that cause upset and degrees of chaos in the business, a system outage, a data breach, or some other event. Given a scenario, what should people do, who calls who, what data should they collect, what should be left well alone? 


An incident response plan is a set of directives, job role requirements, playbooks, and checklists employed whenever an event occurs. 


Historically it’s been positive to see a coherent response plan well thought out and communicated to participants. These days we can expect to see parts of the response automated in terms of root cause analysis support data, temporary automated shutdowns, re-routing of data automating as much as possible as per a pre-agreed execution plan.

What’s in for you?


In the event of a security incident, it pays to have a well defined plan. This helps you reach a satisfactory conclusion quickly. Without an incident response plan, you run the risk of a suboptimal outcome: perhaps an important stakeholder won’t get timely notification or maybe important evidence will be compromised, hampering investigations.

What are the trade offs?


Most businesses should have some semblance of an incident response plan. But have those plans been tested? Testing for these plans often means rehearsals, with staff responding to an intentionally created incident. If you wait until you have an incident before testing your plans, you could be in for a nasty surprise.

How is it being used?


Some regulators now make incident response plans part of their compliance requirements: organizations are expected to know — in detail — how to deal with security incidents.

Related topics

Threat modeling
Learn more
IAST/RASP
Learn more
Business continuity planning
Learn more

Related articles

Incorporating security best practices into agile teams
Article
Incorporating security best practices into agile teams
Learn more
Building security: an interview with Igor Bergman
Blog
Building security: an interview with Igor Bergman
Learn more
Can DevSecOps help secure the enterprise?
Podcast
Can DevSecOps help secure the enterprise?
Listen here
Read more
Read less

Want to find out more?

Contact us

Would you like to suggest a topic to be decoded?

Just leave your email address and we'll be in touch the moment it's ready.

Marketo Form ID is invalid !!!

Thank you for your suggestion. We'll let you know when that topic's been decoded.