Establish a process to detect and prevent security incidents.
What actions must be taken in response to a security incident?
The security incident response process is centered on the preparation, detection and analysis, containment, investigation, eradication, recovery, and post incident activity surrounding such an incident.
Why is security incident response important?
Responding to an incident quickly will help an organization minimize losses, mitigate exploited vulnerabilities, restore services and processes and reduce the risks that future incidents pose.
What is an incident response policy?
The Security Incident Response Policy (SIRP) establishes that your organization has the necessary controls to detect security vulnerabilities and incidents, as well as the processes and procedures to resolve them.