{"id":9847,"date":"2017-09-20T07:27:00","date_gmt":"2017-09-20T13:27:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/incident-response-plans\/"},"modified":"2025-12-09T22:34:47","modified_gmt":"2025-12-10T05:34:47","slug":"%ec%82%ac%ea%b3%a0-%eb%8c%80%ec%9d%91-%ea%b3%84%ed%9a%8d-2","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/","title":{"rendered":"\uc0ac\uc774\ubc84 \ubcf4\uc548 \uc0ac\uace0 \ub300\uc751 \uacc4\ud68d \uc790\ub3d9\ud654"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-f49668dca89a07af4c4bed27713f079b6839f643 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-f49668dca89a07af4c4bed27713f079b6839f643{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-3c02e72bbbdd27fbc2206a57dc520373f8b450b2 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Buyer\u2019s guide: 11 key questions to evaluate your SOAR vendor.\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans.png 1120w, https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans-300x186.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans-1024x636.png 1024w, https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans-768x477.png 768w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-6a13826d98ae006805bf00373c567a95c3c65a9a bs-column---default d-flex 
flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2017-09-20T07:27:00-06:00\">9\uc6d4 20, 2017<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">Automating cybersecurity incident response plans<\/h1>\n\n\n<div class=\"bs-div bs-div-f106fb945b2c4610a440b9e5b4f63c0c1cbbec02 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/ko\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">5 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-050e6505c2b06c7ce9ca858e2f56661a365e6ba8 bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-b9d738473a055284b615b4f50be5a383dfe4cc38 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('Automating%20cybersecurity%20incident%20response%20plans').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fincident-response-plans%2F', '_blank')\" title=\"Email\" 
rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Automating%20cybersecurity%20incident%20response%20plans&url=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fincident-response-plans%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 
1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fincident-response-plans%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Fko%2Fblog%2Fincident-response-plans%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg 
heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-5fcbee853797bef68c609dd2715f511e3ead78a3 bs-column---default bs-column--contents     \">\n<h2><\/h2>\n<p>Planning and executing a cybersecurity incident response workflow means trying to achieve certainty about facts that cannot be known in advance. Given that challenge, security managers find that automating some or all of their incident response workflow using a <a href=\"https:\/\/swimlane.com\/security-automation-and-orchestration\/\">security automation and orchestration<\/a> (SAO) solution can provide numerous benefits. Automation reduces uncertainty and promotes efficiency in the response process. This article explores what\u2019s involved in making it happen.<\/p>\n<h3>Don&#8217;t include the walrus in your incident response planning<\/h3>\n<p>The incident response plan for the 2010 Deepwater Horizon oil rig tragedy contained a curious detail that reveals a great deal about why these plans don\u2019t always work. 
<a href=\"http:\/\/blogs.reuters.com\/environment\/2010\/05\/27\/walruses-in-louisiana-eyebrow-raising-details-of-bps-spill-response-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">The 600-page plan<\/a> called for protection of \u201csea lions, seals, sea otters (and) walruses\u201d in the Gulf of Mexico. None of these animals call the Gulf of Mexico home, and they\u2019re in the plan because the text was pasted from a document written for oil rigs in the Arctic.<\/p>\n<p>The only thought more laughable than sending people out to rescue walruses in a tropical climate is the notion that a static 600-page response plan would be useful in a real emergency. Even the best plan can be rendered useless over time by staff turnover and changes in relevant technology. As you prepare your incident response plans and incident response workflows, keep those walruses in mind to stay focused on what matters.<\/p>\n<h3>Common Incident Response Plans<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1878\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/wp\/2017\/09\/incident-response-workflow-workflow.png\" alt=\"incident response workflow - workflow\" width=\"550\" height=\"290\" title=\"incident response workflow - workflow\"><\/p>\n<p>Figure 1 &#8211; Basic incident response workflow. (Source: NIST &#8211; Computer Security Incident Handling Guide &#8211; Special Publication 800-61)<\/p>\n<p>Every organization has its own unique set of incident response steps. 
However, most incident response plans follow a pattern set out in the <a href=\"http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-61r2.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide<\/a>.<\/p>\n<p>As shown in the figure, there are four essential elements in the NIST incident response workflow:<\/p>\n<ol>\n<li>Preparation<\/li>\n<li>Detection and analysis<\/li>\n<li>Containment, eradication and recovery<\/li>\n<li>Post-incident activity.<\/li>\n<\/ol>\n<p>Within these four simple boxes, however, may be hundreds of steps connecting dozens of people and entities \u2014 and varying widely by organization.<\/p>\n<h3>Incident response highlights<\/h3>\n<p>The NIST recommendations, which are mandatory for certain types of government agencies and businesses, typically include the following elements:<\/p>\n<ul>\n<li><strong>Preparation \u2013<\/strong> As experienced security managers know, the best incident response plan is the one you never have to use. NIST recommends focusing on incident prevention. It\u2019s important to anticipate threats and mitigate them with effective countermeasures. However, since today\u2019s threat environment basically guarantees there will be incidents, an incident response workflow benefits from solid preparation. There is enough stress when a serious incident occurs, and it pays not to be caught flat-footed by something truly unexpected.<\/li>\n<\/ul>\n<blockquote>\n<p>As experienced security managers know, the best incident response plan is the one you never have to use.<\/p>\n<\/blockquote>\n<ul>\n<li><strong>Detection and Analysis \u2013<\/strong> This incident response step validates that an incident has occurred, determines what has happened and the seriousness of the incident, and puts notification procedures in place. Cybersecurity teams are inundated with false positives. 
A good incident response plan immediately recognizes the signs of an incident, which helps security managers determine whether the events being observed actually constitute an incident. The workflow should include steps to identify the attack vectors, prioritize the seriousness of the incident, put remediation into effect, and communicate with key stakeholders on a timely basis. The process also needs to include incident documentation.<\/li>\n<li><strong>Containment, Eradication and Recovery \u2013<\/strong> The incident response workflow invariably documents the containment of the threat. This step also rids the environment of the threat, recovers any affected systems, gathers and handles evidence and identifies the attacker.<\/li>\n<li><strong>Post-Incident Activity \u2013<\/strong> After the incident, most teams discuss lessons learned, as it may help to improve future defenses and incident responses. In many cases, it is important to retain all evidence collected during the incident for auditors, attorneys, technology vendors, government agencies, insurance carriers, and other stakeholders.<\/li>\n<li><strong>Coordination \u2013<\/strong> Incident response is not a solo activity. Depending on the size and scope of the organization and the incident itself, the incident response plan may involve communicating with internal stakeholders, like senior executives, general counsel and others, or external third parties, such as law enforcement agencies and media. How these communications are handled can either heighten or diminish the incident\u2019s business impact. For example, a clumsy disclosure of a data breach could result in costly brand damage or increased customer service costs. 
Or worse, poorly delivered information sharing could cause legal liability.<\/li>\n<\/ul>\n<blockquote>\n<p>The NIST document makes it clear that incident response is not a solo activity.<\/p>\n<\/blockquote>\n<h3>Security automation and orchestration (SAO) and incident response plans<\/h3>\n<p>A cybersecurity incident combines risk with complexity. These two factors together are seldom a good thing. The team has to execute quickly and effectively even though the nature of the incident may not be fully understood at the outset. Plan or no plan, it may not be known which stakeholders need to be notified, which resources are required and so forth when the threat is first detected.<\/p>\n<p>One solution is to automate as many steps of the process as possible. This way, team members can focus on important matters while routine steps, like sending email notifications and assessing threats, can be done automatically. This is the idea behind <a href=\"https:\/\/swimlane.com\/security-automation\/\">security automation<\/a> and <a href=\"https:\/\/swimlane.com\/security-orchestration-platform\/\">orchestration<\/a> (SAO). SAO solutions, like Swimlane, replace slow, manual analyst tasks with machine-speed decision making.<\/p>\n<blockquote>\n<p>SAO solutions, like Swimlane, remove slow, manual analyst tasks from threat and event responses.<\/p>\n<\/blockquote>\n<p>Coupled with comprehensive data gathering, standardization and analysis, SAO enables security teams to implement sophisticated <a href=\"https:\/\/swimlane.com\/blog\/security-alert-management\/\">incident response plans<\/a>. Its effect on an incident response workflow looks like this:<\/p>\n<ul>\n<li><strong>Preparation \u2013<\/strong> SAO makes it possible to transfer plans developed in preparation into actionable, automated workflows. An SAO solution captures the knowledge generated in the preparation stage, making it resistant to the effects of staff turnover and forgetfulness. 
For instance, if part of the plan includes notifying certain stakeholders during an incident, then that task will be performed automatically. The team will not have to crack open a never-before-read PDF to determine who to alert.<\/li>\n<li><strong>Detection and analysis \u2013<\/strong> SAO streamlines the critical steps of detection and analysis. For example, an SAO solution can gather contextual alert data from multiple sources, analyze it and recommend a course of action to the analyst. Or, it can automatically execute the appropriate preventative actions, like setting up a ticket in JIRA, emailing key stakeholders, quarantining the threat, updating the threat database and so forth.<\/li>\n<li><strong>Containment, eradication and recovery \u2013<\/strong> Team productivity counts in incident response, and the incident response steps may not align with staffing conditions at the moment of an actual incident. However, SAO solutions help the cybersecurity team perform efficiently and save hours in incident response and threat detection work. Part of the productivity gain stems from the team member\u2019s ability to monitor an incident through a single instance and take action where needed.<\/li>\n<li><strong>Embedding of team reaction processes<\/strong> &#8211; SAO solutions can mimic the detailed practices of the best members of the security team. As their reaction processes (e.g. what\u2019s important, what\u2019s not, who to call, who to email, what to do, etc.) are included in automated workflows, the tool captures knowledge and best practices. By \u201cremembering\u201d how things get done, SAO can mitigate knowledge loss during inevitable staff turnover.<\/li>\n<li><strong>Post-incident activity \u2013<\/strong> By their nature, SAO solutions create logs of the incident response tasks they perform. 
This enables a more holistic view of an incident and provides time savings when reviewing the incident post-resolution.<\/li>\n<li><strong>Coordination \u2013<\/strong> SAO solutions orchestrate the coordination between people, entities and systems that arise in incident response workflows. They make it easier for team members to concentrate on critical decisions rather than notifications \u2013 the system does it for them.<\/li>\n<\/ul>\n<h3>How Swimlane can help<\/h3>\n<p>Swimlane delivers <a href=\"https:\/\/swimlane.com\/security-automation-and-orchestration\/\">security automation and orchestration<\/a> that is easy to implement, use, manage and scale. Swimlane allows a security operations team to leverage the capabilities of their existing security solutions and enrich the information presented to the analyst.<\/p>\n<p>Want to learn more about the Swimlane SAO solution? Download our e-book: <a href=\"https:\/\/swimlane.com\/automating-incident-response-ebook\/\"><em>Automating Incident Response<\/em><\/a><em>.<\/em><\/p>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-4ffac197d945e44dadadc9d8f52ba4737135ba21 bs-column---default     \">\n<div class=\"bs-div bs-div-ffc71f24880cf5ca65c4a54e87fb14a656cc562d bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><a href='https:\/\/swimlane.com\/ko\/tag\/incident-response\/'><span class='tag-content'>Incident Response<\/span><\/a><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-69c461f15bb5fa3fc09d1aa73a0e5865005218ff bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   
bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69ea6af839804 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/sans-survey-highlights-pandemic-influenced-hiring-plans\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>8\uc6d4 5, 2020<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>SANS survey highlights pandemic-influenced hiring plans<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69ea6af83a9d0 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/incident-response-plan\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>11\uc6d4 7, 2025<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>How to Create a Cybersecurity Incident Response Plan<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-4bb8c1b66cb5e72c43988fbaf017046daf38fc18 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69ea6af83bd42 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/ko\/blog\/nist-incident-response\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div 
class=\"bs-post__date\">\n        <span>1\uc6d4 31, 2018<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Improving incident response with the NIST Cybersecurity Framework and security automation and orchestration (SAO)<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var 
embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    
})(); \n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":9848,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[225],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[],"class_list":["post-9847","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","tag-incident-response","resource-type-blogs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Automating cybersecurity incident response plans Today<\/title>\n<meta name=\"description\" content=\"Automating some or all of an organization\u2019s incident response workflow using security automation and orchestration (SAO).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\uacc4\ud68d-2\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" 
\/>\n<meta property=\"og:title\" content=\"Automating cybersecurity incident response plans\" \/>\n<meta property=\"og:description\" content=\"Automating some or all of an organization\u2019s incident response workflow using security automation and orchestration (SAO).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\uacc4\ud68d-2\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-10T05:34:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans-1024x636.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"636\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta name=\"twitter:data1\" content=\"7\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/\",\"url\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/\",\"name\":\"Automating cybersecurity incident response plans 
Today\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/09.20.17-Cybersecurity-IR-plans.png\",\"datePublished\":\"2017-09-20T13:27:00+00:00\",\"dateModified\":\"2025-12-10T05:34:47+00:00\",\"description\":\"Automating some or all of an organization\u2019s incident response workflow using security automation and orchestration (SAO).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/#primaryimage\",\"url\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/09.20.17-Cybersecurity-IR-plans.png\",\"contentUrl\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/09.20.17-Cybersecurity-IR-plans.png\",\"width\":1120,\"height\":696,\"caption\":\"Buyer\u2019s guide: 11 key questions to evaluate your SOAR vendor.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/blog\\\/incident-response-plans\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/swimlane.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Automating cybersecurity incident response plans\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/#website\",\"url\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI 
automation for every security function\",\"publisher\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\\\/\\\/swimlane.com\\\/wp-content\\\/uploads\\\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\\\/\\\/swimlane.com\\\/ko\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/swimlane\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/swimlane\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"\uc624\ub298\ub0a0 \uc0ac\uc774\ubc84 \ubcf4\uc548 \uc0ac\uace0 \ub300\uc751 \uacc4\ud68d \uc790\ub3d9\ud654","description":"\ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f \uc624\ucf00\uc2a4\ud2b8\ub808\uc774\uc158(SAO)\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc870\uc9c1\uc758 \uc0ac\uace0 \ub300\uc751 \uc6cc\ud06c\ud50c\ub85c\uc758 \uc77c\ubd80 \ub610\ub294 \uc804\uccb4\ub97c \uc790\ub3d9\ud654\ud569\ub2c8\ub2e4.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\uacc4\ud68d-2\/","og_locale":"ko_KR","og_type":"article","og_title":"Automating cybersecurity incident response plans","og_description":"Automating some or all of an organization\u2019s incident response workflow using security automation and orchestration (SAO).","og_url":"https:\/\/swimlane.com\/ko\/\ube14\ub85c\uadf8\/\uc0ac\uace0-\ub300\uc751-\uacc4\ud68d-2\/","og_site_name":"AI Security Automation","article_modified_time":"2025-12-10T05:34:47+00:00","og_image":[{"width":1024,"height":636,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans-1024x636.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04":"7\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/","url":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/","name":"\uc624\ub298\ub0a0 \uc0ac\uc774\ubc84 \ubcf4\uc548 \uc0ac\uace0 \ub300\uc751 \uacc4\ud68d 
\uc790\ub3d9\ud654","isPartOf":{"@id":"https:\/\/swimlane.com\/ko\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans.png","datePublished":"2017-09-20T13:27:00+00:00","dateModified":"2025-12-10T05:34:47+00:00","description":"\ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f \uc624\ucf00\uc2a4\ud2b8\ub808\uc774\uc158(SAO)\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc870\uc9c1\uc758 \uc0ac\uace0 \ub300\uc751 \uc6cc\ud06c\ud50c\ub85c\uc758 \uc77c\ubd80 \ub610\ub294 \uc804\uccb4\ub97c \uc790\ub3d9\ud654\ud569\ub2c8\ub2e4.","breadcrumb":{"@id":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/09.20.17-Cybersecurity-IR-plans.png","width":1120,"height":696,"caption":"Buyer\u2019s guide: 11 key questions to evaluate your SOAR vendor."},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/ko\/blog\/incident-response-plans\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"Automating cybersecurity incident response plans"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/ko\/#website","url":"https:\/\/swimlane.com\/ko\/","name":"\ub85c\uc6b0\ucf54\ub4dc \ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f SOAR \ud50c\ub7ab\ud3fc | \uc2a4\uc714\ub808\uc778","description":"\ubaa8\ub4e0 \ubcf4\uc548 \uae30\ub2a5\uc744 \uc704\ud55c 
\uc5d0\uc774\uc804\ud2b8 \uae30\ubc18 AI \uc790\ub3d9\ud654","publisher":{"@id":"https:\/\/swimlane.com\/ko\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/ko\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/ko\/#organization","name":"\ub85c\uc6b0\ucf54\ub4dc \ubcf4\uc548 \uc790\ub3d9\ud654 \ubc0f SOAR \ud50c\ub7ab\ud3fc | \uc2a4\uc714\ub808\uc778","url":"https:\/\/swimlane.com\/ko\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | 
Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/ko\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource\/9847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":0,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/sw_resource\/9847\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/media\/9848"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/media?parent=9847"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/tags?post=9847"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-type?post=9847"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-topic?post=9847"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/resource-industry?post=9847"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/ko\/wp-json\/wp\/v2\/blog-category?post=9847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}