Optiv Cybersecurity Dictionary

What is IR - Incident Response?

Incident response (IR) represents the actions a company takes to manage the aftermath of a security breach or cyberattack.


The goal is to have a plan to manage the situation in a way that reduces recovery time and costs while limiting damage to both technology infrastructure and corporate reputation. The most effective incident response plans have been formalized and practiced (perhaps through tabletop simulations) in advance of a true emergency. Common activities in incident response include identifying/containing/eradicating the issue, and recovering the impacted systems. It may also involve the PR and legal teams if public breach notification is required or some sort of legal risk is created. Finally, a good IR plan involves taking note of lessons learned and using that knowledge to help prevent future incidents. 

Contact Us