The Respond function includes all the actions teams take when they find a legitimate threat. This function is effectively the “break glass in case of emergency” phase.
Activities in this function include:
- Response Planning – Short term project, rehearsed quarterly, led by Security
- Communications – Short term project, reviewed annually with Marketing, led by Security
- Analysis – Short term project, led by Security
- Mitigation – Short term, high intensity projects with many stakeholders, led by Security
- Improvements – Short term projects as required, led by Security
Here, corrective measures are used to mitigate the impact of an actual threat. Providers help separate the most important signals from the noise, so that customers receive guidance when necessary and are not bothered with less important instances. One of the keys to the Respond function is triaging whether an anomaly is a false positive, an event, an incident, or a breach.
![](https://cdexos.com/wp-content/uploads/2022/12/NIST-5-Core-Functions.png)