An incident response is an expedited reaction to a security issue or
occurrence. Pertaining to information security, an example would be a
security team's actions against a hacker who has penetrated a firewall
and is currently sniffing internal network traffic. The incident is the
breach of security. The response depends upon how the security team
reacts, what they do to minimize damages, and when they restore
resources, all while attempting to guarantee data integrity.

Think of your organization and how almost every aspect of it relies
upon technology and computer systems. If there is a compromise, imagine
the potentially devastating results. Besides the obvious system
downtime and theft of data, there could be data corruption, identity
theft (from online personnel records), embarrassing publicity, or even
financially devastating results as customers and business partners learn
of and react negatively to news of a compromise.

Research into past internal and external security breaches shows that
some companies go out of business as a result of a serious breach of
security. A breach can result in resources rendered unavailable and data
being either stolen or corrupted. But one cannot overlook issues that
are difficult to calculate financially, such as bad publicity. To gain
an accurate idea of how important an efficient incident response is, an
organization must calculate the cost of the actual security breach as
well as the financial effects of the negative publicity, in both the
short and long term.