This Guidance helps you to effectively respond to a security incident based on decisions that are specified in your incident response plan. The response involves characterizing the nature of the incident and making changes, which may involve activities including restoration of operational status, identification and remediation of root cause, and gathering evidence pursuant to civil or criminal prosecution.
