Incident response is a well-organized approach used in organizations’ IT departments in order to combat and manage the aftermath of a cyberattack or a security breach. The purpose of using incident response is to get out of the nightmare that includes limiting the damage and reducing the costs and recovery time of the incident. The people who perform incident response are called Computer Security Incident Response Team (CSIRT) and they follow company’s Incident Response Plan (IRP).

As cybersecurity measures are improving day by day, threat actors are also being sophisticated and creating high profile attacks to evade modern defense systems. These attacks result in generating major incidents, which are the highest-urgency and highest-impact incidents that can affect too many individuals or/and companies at the same time depriving critical data or hampering critical business operations.