Incident response varies from team to team and organization to organization. Some organizations have a dedicated team for responding to security incidents, but many have these activities built into their daily activities. For better or for worse, we can acknowledge that we can improve our ability to be proactive to incidents, as well as preventing incidents if we have the capability to collaborate and communicate effectively.

In this chapter, we reviewed:

• Incident response processes:
  • Preparation
  • Detection and analysis
  • Containment, eradication, and recovery
  • Post-incident activity
• Integration of F3EAD and incident response processes
• Integration of F3EAD, incident response, and intelligence cycle processes
• Example incident response Capability Maturity Model