This can happen through software or an employee. “If your defenses can disrupt the early stages of these attacks, you are in a much better position to minimize the damage or cause the intruder to go elsewhere” (O'Dell, 71). In general, the matter should be brought to the attention of the Chief Information Security Officer. They will be able to determine whether the incident actually constitutes a cybersecurity issue and, if so, its severity, scope and type. When a cyber incident occurs, you need to identify its specifics in order to provide an accurate response. You need to verify exactly what happened, who or what the source of the attack was, how long it took to detect it, what damage and/or loss has already occurred, and what potential damage can still occur if no action is taken. Another goal of identification is to find out which vulnerabilities and attack vectors, internal and/or external, have been targeted. It is very important to fully understand the impact on operations, legal, customers, human resources, physical security, partners and law enforcement. All identification steps should be meaningfully documented. This documentation will be helpful in the analysis process and for potential legal issues after the fact. The Chief Information Security Officer will be responsible for declaring the incident and the Incident Response Team will implement the incident response plan. All resources needed to complete the IRP