Incident response (IR) is the organised approach to detecting, containing, eradicating, and recovering from network security incidents. No matter how strong your preventive controls are, breaches will occur. The quality of your incident response determines whether an incident is a minor disruption or a catastrophic failure.
A security incident is any event that compromises the confidentiality, integrity, or availability of information assets. Not every security event is an incident — but every incident starts as an event.
| Term | Definition |
|---|---|
| Event | Any observable occurrence in a system or network |
| Alert | An event flagged by a security tool as potentially malicious |
| Incident | A confirmed violation of security policy or a breach |