Incident Response: 10 steps for an effective program

Incident response (IR) is one of the key components of a strong cyber security program, but it does not work well when fragmented and disjointed. This is especially true in emerging remote and hybrid work environments, where security teams must track many more endpoint devices and deal with much greater complexities and threats than in the past.

Modern cybersecurity typically involves coordination among many different components, including processes, policies, tools, services, and people. Incident response must follow that same approach to effectively prevent or defend against compromises that may happen across the enterprise.

For that to happen, integration among the various IR components is vital. There can be no silos among different solutions and data sources when interaction and information sharing is necessary for good security.

To ensure that organizations implement the best possible incident response program, Sophos recently released a guide with 10 key steps security teams must take. The guide is designed to help practitioners:

  • Define the framework for their cybersecurity incident response plan,
  • Learn the 10 main steps such a plan should include, and
  • Understand the role managed detection and response (MDR) services play in supporting the plan.

The 10 steps are captured in this chart:

For detailed explanations of each step, download the full report here.

Bill Brenner

Bill Brenner is VP of Content Strategy at CyberRisk Alliance — an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology’s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.