Computer security incident management

[2] An incident response plan (IRP) is a group of policies that dictate an organization's reaction to a cyber attack.

[4] Every plan is unique to the needs of the organization, and it can involve skill sets that are not part of an IT team.

[7] Skills this team needs include penetration testing, computer forensics, network security, etc.

[10] When an end user reports information or an admin notices irregularities, an investigation is launched.

[citation needed] All of the members of the team should be updating this log to ensure that information flows as fast as possible.

[12] In this phase, the IRT works to isolate the areas where the breach took place to limit the scope of the security event.

[20] This stage could include the recovery of data, changing user access information, or updating firewall rules or policies to prevent a breach in the future.