The incident response plan is the first action required to minimize risk. It is naive to assume that just building the wall is enough to deter any and all attacks materializing. In sport, an incident response plan might be referred to as a playbook in other situations, it might be called contingency planning. Whatever the terminology, every organization should have one, and those that don't should be creating one. When joining an organization as a security operator, knowing where the plan is and any stated responsibilities of the role should be a priority.

In this section, we will look at elements that should be included in an incident response plan.

An incident response plan outlines the basic requirements for incident response, including key personalities, responsibilities, and accountability. The aim of the plan is to stimulate action within the organization toward managing incidents responsibly. Most importantly, it underlines the importance of incident response to the organization's strategic aims and objectives.

Each of the key elements (highlighted in bold) of an incident response plan, as listed in NIST.SP 800-61 Revision 2 § 2.3.2, are discussed briefly in the following sections.