Incident Response
Incident response (IR) is the structured process of detecting, containing, eradicating, and recovering from a security incident, then conducting a post-incident review to prevent recurrence. The SANS PICERL model defines six phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
Frequently Asked Questions
What is Incident Response?
Incident response (IR) is the structured process of detecting, containing, eradicating, and recovering from a security incident, then conducting a post-incident review to prevent recurrence. The SANS PICERL model defines six phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
How is Incident Response related to SOC (Security Operations Center)?
Incident Response and SOC (Security Operations Center) are both key concepts in threat intelligence and security operations. A Security Operations Center is a team (and facility) responsible for continuously monitoring, detecting, investigating, and responding to cybersecurity incidents. SOC analysts rely on threat intelligence, SIEM platforms, and playbooks to triage alerts efficiently. In practice the SOC is usually the team that runs the day-to-day Identification, Containment, Eradication, and Recovery phases of incident response, opening an incident when an alert is confirmed and following a playbook for the containment steps.
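As an added illustration (not part of the original glossary), the following Python sketch ties the two answers above together: SOC-style triage matches constructed SIEM alert lines against a constructed threat-intelligence list, opens an incident record for each hit with the containment step named in a hypothetical playbook, and then tracks each incident through the PICERL phases in order, refusing to skip a phase and computing the Identification-to-Containment time. The indicator addresses, playbook entries, alert lines, and the `Incident`/`triage` names are all assumptions made for this example; incidents are opened at the Identification phase because Preparation precedes any specific incident.

```python
"""Minimal PICERL incident tracker with SOC-style alert triage (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class Phase(Enum):
    """The six SANS PICERL phases, in the order an incident moves through them."""
    PREPARATION = 0
    IDENTIFICATION = 1
    CONTAINMENT = 2
    ERADICATION = 3
    RECOVERY = 4
    LESSONS_LEARNED = 5


@dataclass
class Incident:
    incident_id: str
    opened: datetime            # when Identification began
    host: str
    indicator: str
    action: str                 # first containment step taken from the playbook
    phase: Phase = Phase.IDENTIFICATION
    timeline: list = field(default_factory=list)

    def advance(self, to: Phase, at: datetime, note: str = "") -> None:
        """Move to the next phase; skipping ahead (e.g. Recovery before Eradication) is refused."""
        if to.value != self.phase.value + 1:
            raise ValueError(f"{self.incident_id}: cannot go from {self.phase.name} to {to.name}")
        self.timeline.append((at, to, note))
        self.phase = to

    def time_to_contain(self) -> Optional[timedelta]:
        """Identification-to-Containment duration, a common SOC metric; None until contained."""
        for at, phase, _ in self.timeline:
            if phase is Phase.CONTAINMENT:
                return at - self.opened
        return None


# Constructed threat-intel feed (hypothetical sample data): indicator -> description
THREAT_INTEL = {
    "198.51.100.23": "known C2 server",
    "203.0.113.77": "malware distribution host",
}

# Constructed playbook (hypothetical): alert category -> first containment step
PLAYBOOK = {
    "c2_beacon": "isolate host from network",
    "malware_download": "quarantine file and isolate host",
}

# Constructed SIEM alerts in a simple "timestamp key=value ..." line format
SAMPLE_ALERTS = [
    "2024-03-04T10:02:11 alert_id=A1 category=c2_beacon host=ws-17 dest_ip=198.51.100.23",
    "2024-03-04T10:05:40 alert_id=A2 category=c2_beacon host=ws-09 dest_ip=192.0.2.10",
    "2024-03-04T10:09:03 alert_id=A3 category=malware_download host=srv-02 dest_ip=203.0.113.77",
]


def parse_alert(line: str) -> dict:
    """Split 'timestamp k=v k=v ...' into a dict; the parsed timestamp is stored under 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def triage(lines, intel=THREAT_INTEL, playbook=PLAYBOOK):
    """Open an incident for every alert whose destination matches threat intel.

    Returns (incidents, dismissed_alert_ids). Alerts without an intel match are
    dismissed in this sketch; a real SOC would keep them for further analysis.
    """
    incidents, dismissed = [], []
    for line in lines:
        a = parse_alert(line)
        if a["dest_ip"] in intel:
            incidents.append(Incident(
                incident_id="INC-" + a["alert_id"],
                opened=a["ts"],
                host=a["host"],
                indicator=f'{a["dest_ip"]} ({intel[a["dest_ip"]]})',
                action=playbook.get(a["category"], "escalate to analyst"),
            ))
        else:
            dismissed.append(a["alert_id"])
    return incidents, dismissed


if __name__ == "__main__":
    opened, skipped = triage(SAMPLE_ALERTS)
    for inc in opened:
        # Containment recorded 45 minutes after identification (constructed timing)
        inc.advance(Phase.CONTAINMENT, inc.opened + timedelta(minutes=45), inc.action)
        print(inc.incident_id, inc.host, inc.indicator, inc.phase.name, inc.time_to_contain())
    print("dismissed:", skipped)
```

Running the script opens incidents for alerts A1 and A3, dismisses A2 (its destination is not in the intel list), and prints a 45-minute time-to-contain for each opened incident; calling `advance` with a phase that is not the immediate successor raises `ValueError`, which is the point of enforcing the PICERL order in code rather than relying on the analyst to remember it.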