{"id":9637,"date":"2020-06-12T10:16:00","date_gmt":"2020-06-12T16:16:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/the-role-of-preparation-and-process-in-incident-response\/"},"modified":"2025-12-09T23:10:40","modified_gmt":"2025-12-10T06:10:40","slug":"%e3%82%a4%e3%83%b3%e3%82%b7%e3%83%87%e3%83%b3%e3%83%88%e5%af%be%e5%bf%9c%e3%81%ab%e3%81%8a%e3%81%91%e3%82%8b%e6%ba%96%e5%82%99%e3%81%a8%e3%83%97%e3%83%ad%e3%82%bb%e3%82%b9%e3%81%ae%e5%bd%b9%e5%89%b2","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/","title":{"rendered":"\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u306b\u304a\u3051\u308b\u6e96\u5099\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u5f79\u5272"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-f49668dca89a07af4c4bed27713f079b6839f643 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-f49668dca89a07af4c4bed27713f079b6839f643{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-3c02e72bbbdd27fbc2206a57dc520373f8b450b2 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Buyer\u2019s guide: 11 key questions to evaluate your SOAR vendor.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png 800w, https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor-300x200.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor-768x512.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" 
\/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-6a13826d98ae006805bf00373c567a95c3c65a9a bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2020-06-12T10:16:00-06:00\">6\u6708 12, 2020<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">The Role of Preparation and Process in Incident Response<\/h1>\n\n\n<div class=\"bs-div bs-div-f106fb945b2c4610a440b9e5b4f63c0c1cbbec02 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/ja\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">3 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-050e6505c2b06c7ce9ca858e2f56661a365e6ba8 bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-b9d738473a055284b615b4f50be5a383dfe4cc38 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/\" 
onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('The%20Role%20of%20Preparation%20and%20Process%20in%20Incident%20Response').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fthe-role-of-preparation-and-process-in-incident-response%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=The%20Role%20of%20Preparation%20and%20Process%20in%20Incident%20Response&url=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fthe-role-of-preparation-and-process-in-incident-response%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg 
style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fthe-role-of-preparation-and-process-in-incident-response%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 
22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fja%2Fblog%2Fthe-role-of-preparation-and-process-in-incident-response%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-5fcbee853797bef68c609dd2715f511e3ead78a3 bs-column---default bs-column--contents     \">\n<h2>&nbsp;<\/h2>\n<figure class=\"c-figure--inline\"><a 
href=\"https:\/\/www.flickr.com\/photos\/seattlemunicipalarchives\/4459827777\/in\/photolist-7N6Mqn-6ArUEN-9sNmbP-nS5mhb-6ArULj-6Layom-dvk5eg-9gz9Mv-7Kdud8-85m47i-crXq1W-8f9FzL-9iMCFA-58MgN2-63dow9-czJoQU-9nS6Dy-6AnLyX-wbjcui-czJpGj-9nP4jv-9oWnxK-6ArL63-57JsdJ-hviCUZ-6ArL7E-6Mn46u-43d1ua-8jA7W7-6ArLbh-aTDhHB-7Tbxtq-czJq81-qWJSQo-bmDXKm-bu8m7J-f3d2mz-brPHba-7FbC8y-e8bgxD-7nPUMK-sjPkLW-7x6uS1-71FH24-5UCiJU-7PUXFF-6L2mJp-6AnBXv-65mmMS-8GWUQP\"><img><\/a><figcaption>Courtesy of Flickr<\/figcaption>The first and most important step in the <a>incident response<\/a> lifecycle is preparation. Preparation ahead of an incident is what will allow you to respond more quickly and effectively in the midst of chaos. Preparation takes different forms as it affects different aspects of the cycle, so let\u2019s use a common taxonomy\u2014people, process, and technology\u2014keeping in mind that they are interrelated.<\/figure>\n<div>&nbsp;<\/div>\n<div><p>In this post, we\u2019re going to set aside our usual focus on all things <a href=\"https:\/\/swimlane.com\/solutions\/security-automation-and-orchestration\" rel=\"noopener\">security orchestration, automation and response (SOAR)<\/a> to dig into <em>preparation<\/em>, specifically looking at the role of policies and baselines in identifying incidents. If your team can\u2019t properly identify an incident, your organization is exposed to substantial risk.<\/p>\n<div>\n<figure class=\"c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/Swimlane-Prep-Blog_052720-01.png\"><\/figure>\n<\/div>\n<div>\n<p class=\"c-figure--inline\">Let\u2019s start at the beginning. The first aspect of the preparation phase is identifying and assigning roles and responsibilities. 
This will depend on various factors, such as the severity of the incident, the details of the environment, and the tools you have available.<\/p>\n<p>Once the appropriate people are identified, the next question is \u201cWhat do they do?\u201d Or more specifically, \u201cOnce the team knows and is trained on what to do, how do they know when to do it?\u201d The answer to this question will vary based on the <a href=\"https:\/\/csrc.nist.gov\/Projects\/Program-Review-for-Information-Security-Assistance\/Security-Maturity-Levels\" target=\"_blank\" rel=\"noopener\">security maturity level<\/a> of your organization.<\/p>\n<p>You can begin answering this question by identifying which of the hundreds, or even thousands, of daily security events should be classified as incidents and deserve further attention. Most organizations have not addressed this question explicitly and approach their follow-up on an ad hoc basis\u2014depending on the resources and expertise available. While that approach is workable for a while, it doesn\u2019t provide consistent information for review and improvement and will likely result in a lower-quality response overall. It is better to tackle the devil in the details by creating a formal process for identifying incidents proactively.<\/p>\n<h3>What qualifies as an incident?<\/h3>\n<p>According to the <a href=\"https:\/\/csrc.nist.gov\/glossary\/term\/event\" target=\"_blank\" rel=\"noopener\">National Institute of Standards and Technology (NIST)<\/a>, a security event is \u201cany observable occurrence in a network or information system.\u201d Clearly, then, the more closely you observe your network, and the more sensitive your instrumentation, the more events you will observe or detect. These can range in severity from firewall pings to phishing attempts to exfiltration of data. And depending on your experience and the presence or absence of compensating controls, many of the events can probably be safely ignored. 
On the other hand, NIST defines a cyber \u201cincident\u201d as a disruptive occurrence: an event that is also in \u201cviolation of security policies, security procedures, or acceptable use policies.\u201d<\/p>\n<p>The NIST approach reflects a programmatic management focus. The incident in question represents a violation of standards, whether by an internal or external actor, and the response is dictated by the standard that has been violated. However, from a security analyst\u2019s view, an event or potential incident represents an observation of something out of the ordinary, or anomalous behavior, on the network. Before you can classify something as an incident, you need to start with a baseline of activity measurements, so you know what constitutes normal. From the standpoint of preparation, you must have policies and procedures that specify \u201cnormal\u201d activity on your network.<\/p>\n<p>A further way to identify events and incidents is to ask some key questions about the event:<\/p>\n<ol>\n<li>Does the event indicate a violation of law or applicable regulation such as PCI DSS, HIPAA, FERPA, etc.? Are there regulations that require public notification as a result of the event?<\/li>\n<li>Does the event indicate a violation of corporate policy? And what is the consequence specified in the policy?<\/li>\n<li>Does the event reflect a violation of corporate values and\/or ethics? 
(If you answer yes to 3 but not 2, consider whether there should be a policy in place).<\/li>\n<\/ol>\n<p>Incident response preparation is challenging, but by formalizing the process on how to identify an incident, you\u2019ll be that much better <a href=\"https:\/\/swimlane.com\/platform\/\">prepared for the response<\/a>: containing, eradicating and remediating the incident.<\/p>\n<p>*Adapted from an existing <a href=\"https:\/\/swimlane.com\/news\/swimlane-acquires-syncurity\" rel=\"noopener\">Syncurity<\/a> blog post.<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-4ffac197d945e44dadadc9d8f52ba4737135ba21 bs-column---default     \">\n<div class=\"bs-div bs-div-ffc71f24880cf5ca65c4a54e87fb14a656cc562d bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><a href='https:\/\/swimlane.com\/ja\/tag\/incident-response\/'><span class='tag-content'>Incident Response<\/span><\/a><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-69c461f15bb5fa3fc09d1aa73a0e5865005218ff bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d7aa948d47c bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ja\/blog\/employee-onboarding-offboarding-automation\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>8\u6708 12, 2022<\/span>\n    <\/div>\n    <div 
class=\"bs-post__title\">\n        <h5>Why You Need to Automate Your Onboarding &#038; Offboarding Process<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d7aa948e89b bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ja\/blog\/soc-playbooks-role\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>10\u6708 2, 2024<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>The Role of SOC Playbooks in Modern Cybersecurity Strategies<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d7aa948feb2 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ja\/blog\/the-role-of-automation-to-meet-nis2-compliance\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>1\u6708 29, 2024<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>The Essential Role of Automation to Meet NIS2 Compliance<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read 
More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    
var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); 
\n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":9638,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[225],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[],"class_list":["post-9637","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","tag-incident-response","resource-type-blogs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The Role of Preparation and Process in Incident Response<\/title>\n<meta name=\"description\" content=\"If your team can\u2019t properly identify an incident, your organization is exposed to substantial risk.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u306b\u304a\u3051\u308b\u6e96\u5099\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u5f79\u5272\/\" \/>\n<meta property=\"og:locale\" 
content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Role of Preparation and Process in Incident Response\" \/>\n<meta property=\"og:description\" content=\"If your team can\u2019t properly identify an incident, your organization is exposed to substantial risk.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u306b\u304a\u3051\u308b\u6e96\u5099\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u5f79\u5272\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-10T06:10:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data1\" content=\"4\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/\",\"url\":\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/\",\"name\":\"The Role of Preparation and Process in Incident 
Response\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/ja\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png\",\"datePublished\":\"2020-06-12T16:16:00+00:00\",\"dateModified\":\"2025-12-10T06:10:40+00:00\",\"description\":\"If your team can\u2019t properly identify an incident, your organization is exposed to substantial risk.\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png\",\"width\":800,\"height\":533,\"caption\":\"Buyer\u2019s guide: 11 key questions to evaluate your SOAR vendor.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Role of Preparation and Process in Incident Response\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/ja\/#website\",\"url\":\"https:\/\/swimlane.com\/ja\/\",\"name\":\"Low-Code Security Automation & SOAR 
Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/ja\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/ja\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/ja\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\/\/swimlane.com\/ja\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/swimlane.com\/ja\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/ja\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u306b\u304a\u3051\u308b\u6e96\u5099\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u5f79\u5272","description":"\u30c1\u30fc\u30e0\u304c\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u3092\u9069\u5207\u306b\u8b58\u5225\u3067\u304d\u306a\u3044\u5834\u5408\u3001\u7d44\u7e54\u306f\u91cd\u5927\u306a\u30ea\u30b9\u30af\u306b\u3055\u3089\u3055\u308c\u307e\u3059\u3002.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u306b\u304a\u3051\u308b\u6e96\u5099\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u5f79\u5272\/","og_locale":"ja_JP","og_type":"article","og_title":"The Role of Preparation and Process in Incident Response","og_description":"If your team can\u2019t properly identify an incident, your organization is exposed to substantial risk.","og_url":"https:\/\/swimlane.com\/ja\/\u30d6\u30ed\u30b0\/\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u306b\u304a\u3051\u308b\u6e96\u5099\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u5f79\u5272\/","og_site_name":"AI Security 
Automation","article_modified_time":"2025-12-10T06:10:40+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"4\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/","url":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/","name":"\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u5bfe\u5fdc\u306b\u304a\u3051\u308b\u6e96\u5099\u3068\u30d7\u30ed\u30bb\u30b9\u306e\u5f79\u5272","isPartOf":{"@id":"https:\/\/swimlane.com\/ja\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png","datePublished":"2020-06-12T16:16:00+00:00","dateModified":"2025-12-10T06:10:40+00:00","description":"\u30c1\u30fc\u30e0\u304c\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8\u3092\u9069\u5207\u306b\u8b58\u5225\u3067\u304d\u306a\u3044\u5834\u5408\u3001\u7d44\u7e54\u306f\u91cd\u5927\u306a\u30ea\u30b9\u30af\u306b\u3055\u3089\u3055\u308c\u307e\u3059\u3002.","breadcrumb":{"@id":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#primaryimage","url":"https
:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/11-questions-for-your-SOAR-Vendor.png","width":800,"height":533,"caption":"Buyer\u2019s guide: 11 key questions to evaluate your SOAR vendor."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/ja\/blog\/the-role-of-preparation-and-process-in-incident-response\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"The Role of Preparation and Process in Incident Response"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/ja\/#website","url":"https:\/\/swimlane.com\/ja\/","name":"\u30ed\u30fc\u30b3\u30fc\u30c9\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\uff06SOAR\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\uff5c\u30b9\u30a4\u30e0\u30ec\u30fc\u30f3","description":"\u3042\u3089\u3086\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u3092\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u578bAI\u3067\u81ea\u52d5\u5316","publisher":{"@id":"https:\/\/swimlane.com\/ja\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/ja\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/ja\/#organization","name":"\u30ed\u30fc\u30b3\u30fc\u30c9\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\uff06SOAR\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\uff5c\u30b9\u30a4\u30e0\u30ec\u30fc\u30f3","url":"https:\/\/swimlane.com\/ja\/","logo":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/swimlane.com\/ja\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","c
ontentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/ja\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/sw_resource\/9637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":0,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/sw_resource\/9637\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/media\/9638"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/media?parent=9637"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/tags?post=9637"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/resource-type?post=9637"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/resource-topic?post=9637"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/resource-industry?post=9637"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/ja\/wp-json\/wp\/v2\/blog-category?post=9637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}