incident response plan (IRP)

An incident response plan (IRP) is a set of written instructions for adequately detecting, responding to and limiting the effects of an information security incident: an event that may or may not be an attack on, or a threat to, computer systems or corporate data security.

Incident response plans provide instructions for responding to a number of potential scenarios, including data breaches, denial of service/distributed denial of service attacks, firewall breaches, virus or malware outbreaks or insider threats. Without an incident response plan in place, organizations may either not detect the attack in the first place, or not follow proper protocol to contain the threat and recover from it when a breach is detected.

According to the SANS Institute, there are six key phases of an incident response plan:

1. Preparation: Preparing users and IT staff to handle potential incidents should they arise

2. Identification: Determining whether an event is indeed a security incident

3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage

4. Eradication: Finding the root cause of the incident and removing affected systems from the production environment

5. Recovery: Permitting affected systems back into the production environment, ensuring no threat remains

6. Lessons learned: Completing incident documentation and performing analysis to learn from the incident and potentially improve future response efforts

An incident response plan can benefit an enterprise by outlining how to minimize the duration of and damage from a security incident, identifying participating stakeholders, streamlining forensic analysis, hastening recovery time, reducing negative publicity and ultimately increasing the confidence of corporate executives, owners and shareholders. The plan should identify and describe the roles/responsibilities of the incident response team members who are responsible for testing the plan and putting it into action. The plan should also specify the tools, technologies and physical resources that must be in place to recover breached information.

This was first published in February 2014
