Respond is 1 of the 5 domains under the NIST CyberSecurity Framework along with Identify, Protect, Detect and Recover.

It is also generally understood the importance of IR in the industry because “it is not a matter of if but when your system is compromised”.  Promptly respond to incident could trigger the required recovery actions to minimize business interruption.

The hard part is that you’ll never know if the response will work in real life even though there are regular drills to opt for continuous improvement.  This is like the air-bag in your car – you only know if it serves the purpose when triggered.

Leave a Reply