Incident response (IR)

Definition

The organised methodology for handling and managing the aftermath of a security breach or cyberattack. IR encompasses preparation, detection, containment, eradication, recovery, and post-incident review, and is defined by standards including NIST SP 800-61 and ISO/IEC 27035.

Related terms

Breach notification
The legal obligation to inform regulators and affected individuals when personal data is compromised in a security incident. Timelines and thresholds differ...
Chain of custody
The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
Dwell time
The period between an attacker gaining initial access and their detection. Reducing dwell time is a primary goal of threat hunting. The...
Forensic readiness
The organisational state in which people, processes, and technology are prepared to collect and preserve digital evidence with minimum disruption to business...
Proportionality
The legal principle, central to European human rights law and to many constitutional systems, that any interference with a fundamental right must...

Explained in

  • Incident Response Goals and Principles: The organised methodology for handling and managing the aftermath of a security breach or cyberattack. IR encompasses preparation, detection, containment, erad...