Incident response is an action plan developed (by an organization or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It is comprised of multiple steps in order to complete the process.

These are the standard six steps: preparation, identification of attack, containment of attack, eradication, recovery, and analysis (lessons learned documentation). The goal is to handle and remediate the situation in a way that limits damage and reduces cost and recovery time.