What is incident response?

• A. The process of predicting future cyber threats.
• B. The process of deleting all data after an incident.
• C. The process of creating new security policies.
• D. The process of responding to incidents to minimize damage and reduce recovery time and costs.

Answer: (D)

Incident response is the set of actions an organization takes to handle a security incident from detection through recovery and learning. It aims to minimize damage, reduce downtime, and lower costs by quickly containing the threat, removing it, restoring systems, and reviewing what happened to prevent recurrence. This activity is typically organized around preparation, identification, containment, eradication, recovery, and lessons learned, often coordinated by a dedicated incident response team. The other options describe activities outside of the focused process of reacting to incidents—predicting threats, deleting data after an incident, or creating new policies—which are not the immediate response activities designed to limit impact and speed up recovery.