Overview
The incident response process starts with the declaration of the incident, as shown in Figure 1. In this context, “declaration” refers to the identification of an incident and communication to CISA and agency network defenders rather than formal declaration of a major incident as defined in applicable law and policy. Succeeding sections, which are organized by phases of the IR lifecycle, describe each step in more detail. Many activities are iterative and may continuously occur and evolve until the incident is closed out. Figure 1 illustrates incident response activities in terms of these phases, and Appendix B provides a companion checklist to track activities to completion.