Security incidents can wreak catastrophic results on organizations. Such incidents may involve hacking, malware outbreaks, economic espionage, intellectual property theft or loss, network access abuse, theft of IT resources, or many other issues. Recent regulatory mandates directly affect how organizations should deal with such occurrences.
The well-known security maxim, "prevention-detection-response," covers three components, all crucially important for an organization’s security posture. "Prevention" seems favored by many as the primary component with "detection" following close behind. However, "response" has a unique characteristic lacking in the other two components: it is impossible to avoid. While it is not uncommon for an organization to have weak prevention and nearly non-existent detection capabilities, response will always be present, since organizations are forced into response mode by attackers.