It seems like hardly a week goes by without news of a data breach at yet another company. The reality today is that no matter how careful we are, no matter how well we design our strategies or how thoroughly we educate and engage employees, we’re never completely safe against a cyber-attack. No level of protection or prevention is 100% effective. So the next question you must ask yourself is "What can be done when a security incident does occur?"
If you’re a company trying to secure your data, where do you start? What should you think about? The first best practice is to have very good analytics and intelligence in place. You need probes that can give you information either as the data breach is occurring or afterward, so that you can understand the damage. The next is to have an incident response team that is trained and ready for the scenario of a breach.
There are several benefits to having an incident response plan in place. Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
According to Cynthia Harvey, given that your organization is going to experience security incidents, attacks, and probably even breaches, you need an effective cyber incident response plan. Along with examples of types of security incidents, she explains in depth the incident response process and how to set up an incident response team, and gives tips for improving and maintaining an effective incident response plan.
Source: http://www.esecurityplanet.com/network-security/incident-response.html