Your incident response processes and procedures should be maintained, including an annual review, to ensure a timely response when cyber security events are detected. Clearly defined roles and responsibilities allow your organization to spring into action and understand who holds the decision-making authority to declare an incident an actual breach of your organization's critical data. The response plan will be executed during or after an event is identified.
Immediate action must be taken, following the organization's established incident management processes, to prevent the expansion of an event, mitigate its effects, and eradicate the incident. Determine which incident management processes are reasonable and appropriate for security incidents in your organization.
Incident analysis is conducted to ensure an adequate response and to support recovery activities. Measure effectiveness and update security incident response procedures to reflect lessons learned, and identify actions that will improve security controls after a security incident.