Forensics & IR
Incident Response Plan
Also known as: IRP, Cyber incident response plan
Definition
A documented, approved playbook that defines how an organisation prepares for, detects, contains, eradicates, recovers from, and learns from cyber incidents.
Examples
- A ransomware playbook that triggers isolation, ID/communications hold, and engagement of the IR retainer within 30 minutes.
- A DPO-led notification workflow for personal data breaches within the GDPR 72-hour deadline.
Related terms
Incident Response
The organised process of preparing for, detecting, analysing, containing, eradicating, and recovering from cyber security incidents, then capturing lessons learned.
Tabletop Exercise
A discussion-based simulation in which stakeholders walk through a hypothetical cyber incident to test plans, roles, decisions, and communication.
DFIR (Digital Forensics and Incident Response)
A combined discipline that fuses digital forensic investigation with incident response to detect, contain, eradicate, and learn from cyber incidents.
GDPR
The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
Business Impact Analysis (BIA)
Security Operations Center (SOC)
A centralized team and facility that continuously monitors, detects, investigates and responds to cybersecurity incidents across an organization's IT estate.