RESPOND
About the Respond function.
The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident
Examples of outcome Categories within this Function include:
- Ensuring Response Planning process are executed during and after an incident
- Managing Communications during and after an event with stakeholders, law enforcement, external stakeholders as appropriate
- Analysis is conducted to ensure effective response and support recovery activities including forensic analysis, and determining the impact of incidents
- Mitigation activities are performed to prevent expansion of an event and to resolve the incident
- The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities
