Incident response is about addressing and managing the aftermath of a security breach or cyber attack against your business.
Since 2013 I have investigated hundreds of security incidents to help my clients minimise the residual risk, understand how the attack happened and what they can do to minimise the risk of security incidents happening in the future.
Incident response is a coordinated effort to rapidly respond to a security incident in the most efficient, cost-effective manner. The goal of incident response is to quickly identify an attack, minimise its effects, contain the damage, as well as identify and remediate the root cause of the incident to reduce the risk of future incidents.
Although the details of any given incident will vary, the primary stages of response to a security incident can be described in broad terms: analyse, contain, eradicate, recover, review. Since few organisations have in-house expertise in responding to security incidents, involving a qualified advisor as early as possible can make a big difference in the aftermath of a security incident.