06. Incident Response Life Cycle

Overview

Though the details and nature of incidents may vary, all typically follow a standard response process organized in several phases:

  • Preparation

  • Detection and analysis

  • Containment

  • Eradication and recovery

  • Post-incident activity

Read more about these phases in the NIST Computer Security Incident Handling Guide (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf).

Internal Incident Response Team

Internal team members

  • Management

  • Information Assurance

  • IT Support

  • Legal Department

  • Public Affairs and Media Relations

  • Human Resources

  • Business Continuity Planning

  • Physical Security and Facilities Management

Learn more about these teams and their roles in the NIST Computer Security Incident Handling Guide (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf).

External Incident Response Team

External team members

The incident response life cycle can require support from people outside the organization, such as law enforcement agencies, internet service providers, support vendors, the media, other incident response teams, and more.

Reference: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf