<p>Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs.</p>
<p><a href="https://www.techtarget.com/searchsecurity/tip/Incident-management-vs-incident-response-explained">Incident response is a subset of incident management</a>. <i>Incident management</i> is an umbrella term for an enterprise’s broad handling of cyberattacks, involving diverse stakeholders from the executive, legal, HR, communications and IT teams. <i>Incident response</i> is the part of incident management that handles technical cybersecurity tasks and considerations.</p>
<p>Many experts use the terms <i>incident response</i> and <i>incident management</i> interchangeably because both aim to ensure <a href="https://www.techtarget.com/searchdisasterrecovery/definition/business-continuity">business continuity</a> in the face of a security crisis, such as a data breach. Yet <a href="https://www.techtarget.com/searchsecurity/tip/Business-continuity-vs-disaster-recovery-vs-incident-response">incident response, business continuity and disaster recovery</a> measures play distinct, if complementary, roles in keeping organizations operational despite interruptions. Consider how their primary goals differ:</p>
<ul type="disc" class="default-list">
<li><b>Business continuity.</b> Aims to maintain critical business operations in the face of any kind of expected or unexpected disruption — e.g., a natural disaster, planned downtime or a cyberattack.</li>
<li><b>Disaster recovery.</b> Aims to restore IT functionality after any kind of unexpected disruption — e.g., a natural disaster, a technological outage or a cyberattack.</li>
<li><b>Incident response.</b> Aims to identify, contain and resolve cyberattacks and any problems they cause.</li>
</ul>
<p>Digital forensics and incident response (<a href="https://www.techtarget.com/searchsecurity/definition/digital-forensics-and-incident-response-DFIR">DFIR</a>) is an approach to incident response that integrates digital forensics tools and processes. Digital forensics is a subset of forensic science that involves the collection and analysis of data to fully understand a cyberevent, as well as the preservation of evidence for future internal use — such as for reconstruction of a security event — and external use — for example, as digital evidence in court.</p>
<p>Data uncovered through DFIR practices can give incident responders a clearer, more accurate understanding of a security incident, leading to faster recovery, less disruption and a stronger security posture.</p>
<figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/business_continuity_plan_vs_disaster_recovery_plan_vs_incident_response_plan-f.png">
<img data-src="https://www.techtarget.com/rms/onlineimages/business_continuity_plan_vs_disaster_recovery_plan_vs_incident_response_plan-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/business_continuity_plan_vs_disaster_recovery_plan_vs_incident_response_plan-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/business_continuity_plan_vs_disaster_recovery_plan_vs_incident_response_plan-f.png 1280w" alt="Graphic with text explaining the differences among business continuity, disaster recovery and incident response." height="258" width="560">
<figcaption>
<i class="icon pictures" data-icon="z"></i>While each is distinct, business continuity, disaster recovery and incident response all share the goal of keeping an organization running.
</figcaption>
</figure>
<section class="section main-article-chapter" data-menu-title="Why is incident response important?">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Why is incident response important?</h2>
<p>Today, Benjamin Franklin might say the only certainties are death, taxes and cyberattacks. Research suggests <a href="https://www.techtarget.com/whatis/34-Cybersecurity-Statistics-to-Lose-Sleep-Over-in-2020">critical security incidents are all but inevitable</a>, driven by both criminal ingenuity on the attacker’s side and human error on the user’s side. A reactive, disorganized response to an attack gives bad actors the upper hand and puts the business at greater risk. At worst, the financial, operational and reputational damage from a major security incident could put an o
[…]