An incident response (IR) plan is a detailed set of processes and procedures that anticipate,
detect, and mitigate the impact of an unexpected event that might compromise information
resources and assets. Incident response plans are composed of six major phases:
1. Preparation. This phase involves planning and preparing for a security
incident.
2. Identification. This phase involves identifying a set of events that have some negative
impact on the business and can be considered a security incident.
3. Containment. During this phase, the security incident has been identified and action is
required to mitigate its potential damage.
4. Eradication. After it’s contained, the incident must be eradicated and studied to make
sure it has been thoroughly removed from the system.