Which of the following best describes the preparation phase of an incident response plan?

Preparation in incident response is about getting ready before anything goes wrong. It focuses on setting up the people and processes that will handle an incident: establishing who does what by defining roles and responsibilities, creating clear communication plans and escalation paths so everyone knows how to coordinate, making sure staff are trained and practiced with the procedures, and ensuring the right tools and monitoring capabilities are ready and accessible. This groundwork enables quick detection, accurate analysis, and a coordinated, effective response when an incident occurs. After an incident, teams prepare post-mortems to capture lessons learned, which is why drafting those reports belongs to the aftermath rather than the preparation phase. Similarly, deploying new features or selling the product aren’t part of incident response readiness.