NIST Cybersecurity Framework 2.0 organises cybersecurity into six functions: Govern, Identify, Protect, Detect, Respond, and Recover. The Respond function covers what you do after a security event is detected. It has four categories: Incident Management (establishing roles, escalation paths, communication plans), Incident Analysis (triaging, scoping, determining severity), Incident Mitigation (containing the threat, stopping the bleeding), and Incident Reporting (internal escalation and regulatory notification).