Security Learning Center
What is Incident Response?
An Incident Response team is ready to help contain and remediate an attack that successfully compromises assets.
Learn about Incident Response
A strong cybersecurity program is intended to defend against attacks by limiting exposure to threats, but nothing is completely impenetrable. Sometimes attacks are successful, and efforts must shift gears to assess, investigate, and contain the attack to minimize damage.
Incident Response: FAQ
-
1 What is considered an incident?
An incident falls into one of the following categories:
- Data breach
- Stolen IT equipment such as a laptop, hard drive, server, etc.
- Internal or external network intrusion
- Rogue employee
-
2 What is the process for response?
- Sample collection/data gathering
- Analysis
- Containment
- Remediation
- Education