The IT Law Wiki

Cyber incident response

Definition

Cyber incident response is

[a] way to minimize possible impacts of cyber security incidents and assist in the identification, classification, response, and reporting of cyber security incidents related to critical cyber assets.[1]

Overview

A cyber incident response capability must include several elements that are proactive in nature to prevent an incident or better allow the organization to respond when one occurs. These elements are green in Figure 1 and include planning, incident prevention, and post-incident analysis/forensics. Other elements center on detecting and managing an incident once it occurs. These are reactive in nature and are typically carried out under severe time constraints and great visibility. These elements, shown in red in Figure 1, include detection, containment, remediation, and recovery and restoration.


References

  1. IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework, App. B, Glossary.
