Skip to content


Switch branches/tags

The Incident Response Hierarchy of Needs

The Incident Response Hierarchy is modeled after Maslow's Hierarchy of Needs. It describes the capabilities that organizations must build to defend their business assets. Bottom capabilities are prerequisites for successful execution of the capabilities above them: Hierarchy with explanations

The capabilities may also be organized into plateaus or phases that organizations may experience as they develop these capabilities: Hierarchy with plateaus

This diagram is available as images (explanations, plateaus) or as a PowerPoint deck.

How can I use it?

You are welcome to use, modify, and share my description of the incident response hierarchy. It is shared with the community under a Creative Commons Attribution 4.0 International license.

I have feedback!

Leaders may describe this concept in different ways depending on their experiences and the needs of their business. This version is based on my experience building incident response capabilities in Office 365, with feedback from the infosec community on Twitter.

If you have suggestions or feedback, I would love to hear from you! You can find me on Twitter and LinkedIn.


Incident Response Hierarchy of Needs






No releases published


No packages published