Effective incident response starts before an incident occurs

When did Noah build the ark?

Before it started raining.

Evidence shows that organizations that are prepared to respond when an incident occurs respond faster, with fewer financial losses, and with less damage to their brand integrity and reputation. Simply put, you need to prepare to respond to incidents that may affect your organization before they occur - and in doing so will dramatically reduce the impact when they occur.

Good incident response is more than just good IT

Many of us think that we've got competent IT teams, and that those teams will save us when incidents occur.

In fact, your IT team is a critical stakeholder in incident response - but IT alone won't save you. Modern incidents are just too complex. From complex regulatory requirements, to communicating with customers, financial considerations, and even dealing with employees - there are just too many things for one person or team to consider. Information technology is a critically important player - but modern incident response requires a lot of other skills, too.

Incident Response is a process

Effective incident response is a process that spans the entire lifecycle of an incident - starting before an incident occurs and continuing to learn after an incident is resolved.

Broken down into its parts, an effective process includes the following:


Identifying risks and potential threats and vulnerabilities can help an organization learn where they need to focus as they put together an incident response team.


Organizations need to develop processes to identify when incidents occur - and to be able to separate out real incidents from other events on the network.


When an incident occurs, it's critical that organizations develop procedures to contain the incident and stop the bleeding.

Investigate & Eradicate

Organizations need processes to iterate through its systems until it finds to root cause of the incident so that it can be eradicated.


Only once the organization is confident that the incident has been correctly remediated can it begin to recover its operations.


Post-mortem learning is a critical aspect of incident response - allowing organizations to capture knowledge learned and prevent future events.

How can I learn more?

Net Reaction has prepared an Incident Response Planning Guide - with which we have walked hundreds of clients through the process of thinking about events before they happen.

You may download the guide here:

Download »