Uploaded on Jun 19, 2023
Cyber Incident Responder, Computer Network Defense Incident Responder, and Incident Response Engineer are just a few of the positions available in the incident response sector. https://www.infosectrain.com/blog/how-to-become-an-incident-responder/
Incident Response vs Incident Detection
DEFINITION
INCIDENT RESPONSE: refers to the process of effectively handling and managing security incidents that have been detected or reported.
INCIDENT DETECTION: involves the proactive monitoring & identification of potential security threats or anomalies within an organization's systems or network.
FOCUS
INCIDENT RESPONSE: focuses on responding to and mitigating the impact of a confirmed security incident.
INCIDENT DETECTION: focuses on identifying indicators of compromise (IOCs), suspicious activities, or patterns that may indicate a security incident.
TIMING
INCIDENT RESPONSE: occurs after an incident has been identified or reported, and it involves immediate action to contain, investigate, eradicate, and recover from the incident.
INCIDENT DETECTION: occurs before or during a security incident, with the aim of identifying threats in their early stages to enable a timely response.
ACTIVITIES
INCIDENT RESPONSE: activities include analyzing the incident, gathering evidence, and implementing measures to prevent future incidents.
INCIDENT DETECTION: activities include monitoring network traffic, analyzing logs, and using intrusion detection systems (IDS) and security information and event management (SIEM) tools to identify potential threats.
GOAL
INCIDENT RESPONSE: The primary goal of incident response is to minimize the damage caused by the incident, restore normal operations, and prevent similar incidents from recurring.
INCIDENT DETECTION: The main goal of detection is to identify and raise alerts on potential security incidents or breaches, allowing for a swift response & minimizing the dwell time of threats.