The IT Law Wiki

Incident response plan


Definitions

An incident response plan is

[a] set of predetermined and documented procedures to detect and respond to a cyber incident.[1]
[t]he documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization's information system(s).[2]

Overview

The response should be measured first and foremost against the "service being provided," not just the system that was compromised. When an incident is discovered, a quick risk assessment should be performed to evaluate the effect of both the attack and the available response options. For example, one possible response is to physically isolate the system under attack. However, isolation may have such a dire impact on the service that it is dismissed as not viable.

References

  1. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  2. 12 FAM 090 (full-text).
