The IR Lifecycle: Prepare, Identify, Contain
Walk through NIST's six incident response phases and understand each team's role.
What is Incident Response?
Incident Response (IR) is the organized approach to addressing and managing security incidents. The goal is to minimize damage, reduce recovery time, and prevent recurrence. Having a documented IR plan before an incident is critical.
IR Frameworks
Major IR frameworks:
- NIST SP 800-61: Preparation → Detection/Analysis → Containment/Eradication/Recovery → Post-Incident
- SANS PICERL: Prepare, Identify, Contain, Eradicate, Recover, Lessons Learned
- CISA: Broadly aligned with NIST