Summary of Chapter 11 Response: Incident trigger, expert gathering, incident analysis, and response activities are the common components of a security program. Incident response is a process to address and manage any security threat or cyberattack. There are two fundamental types of triggers that initiate response. The first type involves tangible, visible effects of a malicious attack or incident. The second type involves early warning and indications information. Based on how the triggers are addressed, incident response processes can be categorized as front-loaded prevention, which collects indications and warnings that can be used for the early prevention of security attacks, and back-loaded recovery, which collects information from different sources that can provide tangible, visible information about attacks that might be underway or completed. An optimal incident response team includes two components: a core set of individuals and a set of subject matter experts. When multiple incidents occur in complex settings, managing simultaneous response cases is highly important and requires assurance that no two cases conflict. The incident response team must plan for multiple concurrent attacks, and that planning includes avoidance of a single point of contact individual, case management automation, organizational support for expert involvement, and 24/7 operational support. The incident response process includes forensic analysis, which should address the root cause of the incident, the vulnerabilities exploited, the state and consequences of the incident, and what action was taken. A decision process must be followed to determine whether law enforcement should be involved in forensics and called upon for support. A disaster recovery program includes three main components: preparation, planning, and practice.
National programs can provide centralized coordination. In Chapter 11, we have seen that incident response is an organization's reaction to a security incident, aimed at halting it and recovering from it, and that the response plan must be in place before the incident occurs. The goal of having an incident response plan is to ensure that your organization is fully prepared for, and ready to respond to, any level of cyber security incident quickly and effectively. A cyber security program will contain at least the following: incident trigger, expert gathering, incident analysis, and response activities (Amoroso, 2012). We have also looked at pre- versus post-attack response. There are two fundamental types of triggers: tangible, visible effects of an attack, and early warning and indications information. Thus, the two approaches to incident response processes are front-loaded prevention and back-loaded recovery. The two approaches should be combined for a comprehensive response picture. Protecting national assets is worth suffering a high number of false positives. The incident response teams .