An organization that is not prepared to handle an incident will almost always fail to appropriately detect, let alone respond to, a security incident. Preparation, of course, includes establishing an incident response program, including all the necessary compliance and governance documentation (policy, standard, and procedures, at a minimum). But it also includes socializing the different aspects of this program so that it can be effectively executed. There are four key steps within this framework: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.

