IR - Incident Response

IR is actions a company takes to manage the aftermath of a security breach or cyberattack.

 

The goal is to have a plan to manage the situation in a way that reduces recovery time and costs and limits damage to both technology infrastructure and corporate reputation. The most effective Incident Response plans have been formalized and practiced (perhaps through tabletop simulations) in advance of a true emergency. Common activities in Incident Response include identifying/containing/eradicating the issue, and recovering the impacted systems. It may also involve the PR and Legal teams if public breach notification is required or some sort of legal risk is created. Finally, a good IR plan involves taking note of lessons learned and using that knowledge to help prevent future incidents. 

 

Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.