The goal of the Respond function is to develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements.
Analysis is conducted to ensure effective response and support recovery activities.
Response activities are coordinated with internal and external stakeholders (e.g. external support from law enforcement agencies).
Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.
Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.
Response processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.