The focus of this chapter will be on presenting the idea of security incidents and response. First, we will define a security incident and then move on to developing the process of responding, including roles and procedures for remediation. Getting buy-in from other teams outside of security, including management, is key to the success and effectiveness of an incident response capability. The Taking action section will cover both internal response and leveraging of third parties when necessary. This chapter focuses on the basics of developing and implementing a security incident response capability in the enterprise. Incident response forms and process flow are included in Appendix E, Security Incident Response ...