The following diagram is a recap of what has been discussed so far:
- If we train our users to look for deviations from normal information system behavior or for suspicious activity, then we will hopefully have improved defenses in which everyone does their part to protect the organization.
- Threat intelligence needs to be customized for teams so that capabilities such as continuous monitoring and the help desk can be cognizant of the threats that may impact the organization.
Now, we need to understand how incident response fits into all of this.