Memotiva | CISSP Flashcards: Security Operations, Incident Response, Forensics, Logging

What are the phases of incident response?

Nortren

The NIST incident response lifecycle has four phases. Preparation involves establishing policies, procedures, teams, tools, and communication plans before incidents occur. Detection and analysis involves identifying potential incidents through monitoring, alerts, and user reports, and determining scope and severity. Containment, eradication, and recovery involves isolating affected systems to prevent spread, removing the threat, restoring systems from clean backups, and validating normal operations.
csrc.nist.gov