Reply To: OCU C)SP D Week 01 Lesson 02 Discussion
As a part of incident response, it is important that security measures are put in place to send alerts for these events, and they need to be working effectively. These are likely automated, but some tools can detect these incidents once they are run manually as well. Another way an incident can be discovered is through reports, which should be taken into account too.
Once an incident is discovered and is found to be real, the incident response team must try to be quick in its response, fix the issue as completely as possible, find a way to prevent it in the future, and, as much as possible, try not to hinder employees’ business while they use the system. Having an issue on the system is not something that should continue to linger, so creating a fix for this as soon as possible is important. However, this should not be at the expense of the quality of the fix. The incident needs to be addressed properly, and measures that prevent it from happening in the future should be made. Finally, although this can be quite difficult, it is preferred that these repairs do not affect those who need to use the system so that there is no downtime.