Incident Response (IR)
The way an organization responds to a cyberattack or data breach. This includes thwarting the attack by shutting down systems, examining logs to discover when the attack took place and which systems are involved, informing affected users, customers, or employees if they were affected by the breach, as well as any other research and decisions that must be made before systems can safely be placed online.