Incident Response
Incident Response is the preparation for, handling of and following up of cyber security incidents, to minimise the damage to an organisation and prevent recurrence.
Incident Response protects the security of an organisation’s information systems and data, by following defined procedures to analyse and respond to cyber security breaches. Incident Response may also first detect the breaches and design and implement measures to prevent a recurrence.
Responsibilities include:
- Responding to alerts from monitoring/detection systems within defined SLAs
- Using configured tools and scripts to identify potential cyber security breaches
- Following detailed procedures, analysing, responding to and/or escalating cyber security incidents
- Analysing the source, nature and impact of breaches to support threat intelligence
- Monitoring security appliance health, performing basic troubleshooting of security devices and escalating severe problems to engineers
- Contributing to the development of incident response capabilities, policies and procedures
- Maintaining logs of all actions taken.
You may want to apply for this specialism if you are currently working in one of these roles:
- Cyber Incident Response Analyst
- Cyber Incident Responder
- Cyber Security Incident Responder
- Incident Response Analyst
- Incident Response Specialist
- Threat Intelligence Response Analyst
- SOC Analyst
- Cyber Intelligence Analyst.
Please read our guidance notes below to decide whether Incident Response is the correct specialism for you. Please ensure you read the UK Cyber Security Council’s Standard for Professional Competence and Commitment for detailed guidance on competency requirements. Our application form also includes contextualised notes to ensure you complete it correctly.
Want to learn more about the Council’s role in professional registration? Please click here to be taken to The Council’s website.