Incident response is the visible side of cybersecurity. Often, no one knows what a Cyber Security Incident Response Team (CSIRT) is doing when there isn't an incident in progress.
In this chapter, we saw that there are, in fact, four stages of incident response, and only two of these occur while an incident is in progress. The National Institute for Standards and Technology (NIST) have produced guidance on how to produce and enact a plan for incident response. It is centered on the four stages: preparation; detection and analysis; containment, eradication and recovery; and post-incident analysis (NIST calls this post-incident activity).
We have also learned about the different types of CSIRT and their different aims and objectives. Sitting at different levels of an organization, CSIRTs direct their collective effort at keeping users safe from vulnerabilities...