Incident Response Process

Handling Cybersecurity Incidents according to NIST SP-61

According to ISO/IEC 27035:2011 on Information security incident management, an information security incident is a “single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security”.
Incident response is a never-ending process with the end-goal of reducing damage to the organization. To be effective, it requires constantly improving methodology and adapting to new threats.

The incident response process consists of four phases:

  • Preparation
  • Detection and Analysis
  • Containment, Eradication, & Recovery
  • Post-Incident Activity


The incident response process consists of four phases

With offices in NYC and Europe, we can deploy our team virtually anywhere in the world. For mission critical systems LIFARS implements effective remote cyber incident response by deploying cyber-attack response team to the local enterprise environment.



When not actively responding to incidents, the incident response team should spend the time preparing for the next incident. Being well prepared can not only reduce the initial response time,
but also the time required to resolve the incident and restore normal business operations. The preparation phase includes preparation of the needed software, hardware tools and documentation & procedure updates. As threats are constantly evolving, a very important part of this phase is also education…


Download Incident Response Process Whitepaper to learn more.


Relevant resources: