The incident response plan ensures that the information security program has the necessary people, processes, and technologies in place to respond to an information security incident against your organizational information systems.

In this chapter, you learned:

• What makes up the incident response plan and why you use one
• What is needed to establish an effective incident response plan
• Automation, tools, and techniques needed to effectively support incident response activities

In the next chapter, you will learn about the security operation center. The security operations center serves to provide visibility and responses for the enterprise network, allowing for immediate action if an attacker is detected. The security operations center is a natural extension of the incident response discussion as your security operations center is typically tasked with the implementation and monitoring of the incident response plan.