ELI5: What is Preparation?
Preparation is everything you do before something bad happens — writing plans, training the team, and setting up tools. It is like packing an emergency kit before a storm arrives.
Definition
Preparation is the first and foundational phase of the NIST Incident Response lifecycle, in which the organization builds its incident response capability before any incident occurs. Effective preparation is considered the most important phase: organizations that invest in it respond faster, more effectively, and with less damage than those that only react once an incident is already under way.
Key Details
- IR team: establish roles, responsibilities, and on-call rotations for the incident response team
- Playbooks: document response procedures for anticipated incident types (ransomware, phishing, insider threat)
- Tool deployment: SIEM, EDR, network monitoring, forensic workstations, and communication tools
- Tabletop exercises: practice IR scenarios through discussion-based simulations to test and improve playbooks
- Communication plan: define escalation paths, notification procedures, and pre-approved messaging
Connections
- Parent: incident-response — preparation is Phase 1 of the NIST IR lifecycle
- See also: nist-ir-lifecycle