Section 3: Incident Response

Incident response is one of the core business areas of a Security Operations Centre (SOC). Identifying vulnerabilities, threats, and attacks in progress is worth nothing unless the organization (informed by the SOC and others) actually does something about them.

Many countries publish their own guidelines for assigning individual and team responsibilities during an incident response, but the 210-255 course centres on the guidance of the American National Institute of Standards and Technology (NIST), in particular the Computer Security Incident Handling Guide (NIST SP 800-61). This is partly because Cisco is an American company, but also because the NIST guidance is widely recognised internationally as a baseline: national guidelines tend to supplement the NIST guidance rather than contradict it.

NIST defines the stages of incident response (preparation before an incident, detection and handling during it, and post-incident activity); the types of incident response team that exist and how they interact (national, company, industry, software vendor, and manufacturer teams); and the tasks that individuals and teams have at each stage. These guidelines contribute to, and are supplemented by, regulatory and industry guidance. Each organization must be compliant with the guidance that applies to it, and part of an SOC's responsibilities may be to provide assurance to the board that this is the case.

The following chapters are included in this section:
