Incident response is the process of identifying, analyzing and resolving IT incidents in real time, using a combination of computer and human investigation and analysis to minimize negative impacts on the business.
In general, IT teams try to prevent incidents through regular software updates, event monitoring and other practices. Ideally, they have enacted an incident response plan to quickly resolve incidents and identify the root cause to prevent future occurrences.
IT service management (ITSM) typically defines an incident as any unplanned disruption, or impending disruption, to an IT service. Anything from degrading network quality to running out of disk space to a cyberattack would qualify as an incident.
Security incidents are one incident type; they range from an active threat to a successful data breach. Security incidents can originate inside or outside of an organization. Examples of security incidents include:
Incident response is one part of the overarching incident management practice. Incident management is the process of identifying and correcting IT incidents that threaten or interrupt a business’s services. Incident management aims to keep services running or — if they’re taken offline — restore them as quickly as possible, while minimizing the impact to the business.
Where incident response deals solely with how you respond to incidents once they happen, incident management encompasses incident preparation, early detection, and ongoing analysis, prevention and documentation.