Incident Response
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified in Cybersecurity premium course — no separate purchase.
Included in this chapter:
- Event, alert, incident, breach: getting the words right
- The four-phase incident response lifecycle
- Contain, then eradicate, then recover
- The CSIRT and the incident response plan
- Exam-pattern recognition
Event vs alert vs incident vs breach
| Term | What it is | Severity | Example |
|---|---|---|---|
| Event | Any observable occurrence on a system or network | Usually harmless | A user logs in; a service restarts |
| Alert | A notification a monitoring tool raises about a suspicious event | Needs a look | Antivirus flags a file; a login from a new country |
| Incident | An event that harms or threatens CIA or violates policy | Real harm or threat | Malware spreads; an account is taken over |
| Breach | Confirmed exposure, theft, or disclosure of protected data | Most serious | Customer records are copied out by an attacker |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.