Skip to content
Incident Response Hierarchy of Needs
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.
IR_Capabilities_Hierarchy_Norwegian.pptx Added Norwegian version May 26, 2017 Update Dec 19, 2016
hierarchy.png Fix hyphenation on "real time" per @Jurph Dec 19, 2016
plateaus.png Fixing hyphenation on "best practices" per @Jurph Dec 19, 2016

The Incident Response Hierarchy of Needs

The Incident Response Hierarchy is modeled after Maslow's Hierarchy of Needs. It describes the capabilities that organizations must build to defend their business assets. Bottom capabilities are prerequisites for successful execution of the capabilities above them: Hierarchy with explanations

The capabilities may also be organized into plateaus or phases that organizations may experience as they develop these capabilities: Hierarchy with plateaus

This diagram is available as images (explanations, plateaus) or as a PowerPoint deck.

How can I use it?

You are welcome to use, modify, and share my description of the incident response hierarchy. It is shared with the community under a Creative Commons Attribution 4.0 International license.

I have feedback!

Leaders may describe this concept in different ways depending on their experiences and the needs of their business. This version is based on my experience building incident response capabilities in Office 365, with feedback from the infosec community on Twitter.

If you have suggestions or feedback, I would love to hear from you! You can find me on Twitter and LinkedIn.

You can’t perform that action at this time.