Incident Response Guide

Getting Started

Published February 2021


Every security incident is different and requires a unique response. Mature incident response plans may consist of comprehensive flow-charts and detailed playbooks for an exhaustive list of eventualities. These are typically built through experience—either by hiring experienced incident response analysts or by teams who, over time and across multiple incidents, meticulously document which response actions work and which don’t. The problem is that as an incident response plan becomes more sophisticated, it also becomes more specific to the organization that developed it and less applicable to others.

For this reason, a generalized incident response plan (IRP) can be hugely beneficial: it demonstrates, on a conceptual level, where to start and how to move forward with remediation. Whether you’re dealing with a strain of ransomware like LockerGoga or a trojan like Emotet, you’ll often end up following many of the same response and remediation actions.