The incident response process
You can use all the available industry standards, recommendations, and best practices to create your own IR process. The guide that we are going to use as a reference in this chapter is the Computer Security Incident Response (CSIR) publication, SP 800-61R2, from NIST.
Please refer to https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf for this publication.
Regardless of what you select to use as a reference, make sure to adapt it to your own business requirements.
Most of the time in security, the concept of "one size fits all" doesn't apply; the intent is always to leverage well-known standards and best practices and apply them to your own context. It is important to retain the flexibility to accommodate your business needs in order to provide a better experience when operationalizing the process.
Creating an incident response process
To begin creating an IR process, let's consider the...