The Incident Response Hierarchy is modeled after Maslow's Hierarchy of Needs. It describes the capabilities that organizations must build to defend their business assets. Bottom capabilities are prerequisites for successful execution of the capabilities above them:
The capabilities may also be organized into plateaus or phases that organizations may experience as they develop these capabilities:
This diagram is available as images (explanations, plateaus) or as a PowerPoint deck.
You are welcome to use, modify, and share my description of the incident response hierarchy. It is shared with the community under a Creative Commons Attribution 4.0 International license.
Leaders may describe this concept in different ways depending on their experiences and the needs of their business. This version is based on my experience building incident response capabilities in Office 365, with feedback from the infosec community on Twitter.
If you have suggestions or feedback, I would love to hear from you! You can find me on Twitter and LinkedIn.