Incident Response Planning

The practice of documenting a planned reaction to a security incident. This is not necessarily a breach, rather the investigation is part of the process of determining whether there was an attack, who/what was involved, and if there was any data exfiltration. Having an incident response plan in place allows companies to react quickly and decisively if a security incident occurs. Elements of the plan may involve revoking widespread access temporarily, shutting down systems, notifying stakeholders, and establishing processes for re-establishing access, re-evaluating policy and process, remediation, backup, and recovery.