The six steps of an incident response plan are: 1) preparation through creating security policies and communication strategies, 2) identification of malicious acts by analyzing logs and data, 3) containment to limit damage and prevent escalation, 4) eradication by removing contaminated systems and replacing them, 5) recovery of damaged work and cleaning impacted systems, and 6) analyzing lessons learned including the root cause of the breach.