Definition
Incident response refers to the containment, investigation, eradication, and mitigation of, and the response to, a cybersecurity threat.
Introduction
Incident response includes the policies, procedures, processes, practices, and communications that are designed to aid in the management of human, technical, and financial resources during and after a cybersecurity incident. Incident response is primarily concerned with containing a cyberintrusion and mitigating the harm caused by the cyberintrusion. Incident response plans are created with the understanding that it is not a matter of if a cybersecurity incident will happen, but when a cybersecurity incident will happen. An essential element in incident response, therefore, is planning for a cybersecurity incident to occur.
There is no one-size-fits-all incident response plan. The incident response plan of a private organization or government agency is determined by the organization/agency’s mission, goals, assets, and available human,...
© 2020 Springer Nature Switzerland AG
Cite this entry
Maras, MH. (2020). Cybersecurity: Incident Response. In: Shapiro, L., Maras, MH. (eds) Encyclopedia of Security and Emergency Management. Springer, Cham. https://doi.org/10.1007/978-3-319-69891-5_301-1
DOI: https://doi.org/10.1007/978-3-319-69891-5_301-1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69891-5
Online ISBN: 978-3-319-69891-5
eBook Packages: Springer Reference Law and Criminology; Reference Module Humanities and Social Sciences; Reference Module Business, Economics and Social Sciences