Respond – includes adequate activities to take action in response to a detected cybersecurity event. This function supports the ability to contain the impact of a potential cybersecurity event.
Respond categories include:
‣ Response Planning – ensuring response processes and procedures are executed and maintained. Response plans must provide for a timely response, either while the cybersecurity event is still taking place or after threat detection.
‣ Communications – coordinating response activities during and after an event with internal and external stakeholders and law enforcement.
‣ Analysis – ensures effective response and supports recovery activities, including forensic analysis, incident categorization, and determining the impact of incidents.
‣ Mitigation – includes activities to contain the incident, prevent it from spreading, and mitigate the potential damage of the threat.
‣ Improvements – the organization implements improvements by incorporating lessons learned from current and previous detection / response activities into its response strategy.