Organizations are bombarded with potential threats every day. Most of the events or incidents posing threats are not likely to cause any damage in your environment, but they need to be investigated, nonetheless. To quickly and efficiently investigate and respond to threats, you need a plan. An incident response plan defines your response, not only to effectively address specific, individual incidents, but also to examine sequences of events to determine if they may match the steps an attacker might take to compromise security in your environment.
This section covers the following subtopics: