ABSTRACT

This chapter examines how to organize a response to security incidents and the steps to follow when responding. Topics include compiling preliminary and final reports about incidents, approaches to disciplinary actions, and contacting law enforcement agencies when necessary. The chapter covers the type of information that should be included in incident reports, as well as the type of information about an incident that will help law enforcement agencies respond to it. It also covers methods that help an organization learn lessons from security incidents and translate those lessons into improved training, more thorough security procedures, and better mitigation techniques. The chapter explains how to respond when facing life-threatening incidents and the need for formal, documented procedures for responding to security incidents. It discusses the importance of compiling thorough reports on security incidents and the use of progressive discipline to change an employee's behavior.