Incident Response vs Incident Detection - PowerPoint PPT Presentation

About This Presentation
Title:

Incident Response vs Incident Detection

Description:

Cyber Incident Responder, Computer Network Defense Incident Responder, and Incident Response Engineer are just a few of the positions available in the incident response sector. – PowerPoint PPT presentation

Slides: 7
Provided by: infosectrain02

Transcript and Presenter's Notes



1
INCIDENT RESPONSE
learntorise
INCIDENT DETECTION
2
DEFINITION
INCIDENT RESPONSE refers to the process of effectively handling and managing security incidents that have been detected or reported.
INCIDENT DETECTION involves the proactive monitoring and identification of potential security threats or anomalies within an organization's systems or network.
3
FOCUS
INCIDENT RESPONSE focuses on responding to and mitigating the impact of a confirmed security incident.
INCIDENT DETECTION focuses on identifying indicators of compromise (IOCs), suspicious activities, or patterns that may indicate a security incident.
4
TIMING
INCIDENT RESPONSE occurs after an incident has been identified or reported, and it involves immediate action to contain, investigate, eradicate, and recover from the incident.
INCIDENT DETECTION occurs before or during a security incident, with the aim of identifying threats in their early stages to enable a timely response.
5
ACTIVITIES
INCIDENT RESPONSE activities include analyzing the incident, gathering evidence, and implementing measures to prevent future incidents.
INCIDENT DETECTION activities include monitoring network traffic, analyzing logs, and using intrusion detection systems (IDS) and security information and event management (SIEM) tools to identify potential threats.

6
GOAL
INCIDENT RESPONSE: The primary goal of incident response is to minimize the damage caused by the incident, restore normal operations, and prevent similar incidents from recurring.
INCIDENT DETECTION: The main goal of detection is to identify and raise alerts on potential security incidents or breaches, allowing for a swift response, minimizing the dwell time of threats.