IR - Incident Response

IR is the set of actions a company takes to manage the aftermath of a security breach or cyberattack. The goal is to have a plan to manage the situation in a way that reduces recovery time and costs and limits damage to both technology infrastructure and corporate reputation. The most effective Incident Response plans have been formalized and practiced (perhaps through tabletop simulations) in advance of a true emergency.

Common activities in Incident Response include identifying, containing, and eradicating the issue, and recovering the impacted systems. It may also involve the PR and Legal teams if public breach notification is required or some sort of legal risk is created. Finally, a good IR plan involves taking note of lessons learned and using that knowledge to help prevent future incidents.

Related Terms
Incident Management
SOC - Security Operation Center
SIEM - Security Information and Event Management
MSS - Managed Security Services
MSSP - Managed Security Service Provider
EDR - Endpoint Detection and Response
CTI - Cyber Threat Intelligence
Indicator of Compromise (IOC)
Threat Hunting
TTPs - Tactics, Techniques, and Procedures