Ad blocker interference detected!
Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers
Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.
Cyber incident response is
|“||[a] way to minimize possible impacts of cyber security incidents and assist in the identification, classification, response, and reporting of cyber security incidents related to critical cyber assets.||”|
A cyber incident response capability must include several elements that are proactive in nature to prevent an incident or better allow the organization to respond when one occurs. These elements are green in Figure 1 and include planning, incident prevention, and post-incident analysis/forensics. Other elements center on detecting and managing an incident once it occurs. These are reactive in nature and are typically carried out under severe time constraints and great visibility. These elements, shown in red in Figure 1, include detection, containment, remediation, and recovery and restoration.
- ↑ IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework, App. B, Glossary.
- (Overview section and graphic): Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability, at 3.