## Incident Response

The four major phases of the incident response process are:
1. **Preparation:** This requires a team trained and ready to handle incidents. Ideally, various measures are put in place to prevent incidents from happening in the first place.
1. **Detection and Analysis:** The team has the necessary resources to detect any incident; moreover, it is essential to further analyze any detected incident to learn about its severity.
1. **Containment, Eradication, and Recovery:** Once an incident is detected, it is crucial to stop it from affecting other systems, eliminate it, and recover the affected systems. For instance, when we notice that a system is infected with a computer virus, we would like to stop (contain) the virus form spreading to other systems, clean (eradicate) the virus, and ensure proper system recovery.
1. **Post-Incident Activity:** After successful recovery, a report is produced, and the learned lesson is shared to prevent similar future incidents.