What are the seven steps of the ISC² incident management model, in order?
Detection → Response → Mitigation → Reporting → Recovery → Remediation → Lessons Learned.
* The ISC² incident-management model — Detection, Response, Mitigation, Reporting, Recovery, Remediation, Lessons Learned. *
The model (from the CISSP All-in-One Exam Guide) reflects that every framework shares the same logic: identify the event, analyse it, choose suitable countermeasures, fix the problem, and act so it does not recur. Knowing the order matters because each step builds on the last — you cannot respond to what you have not detected, and you cannot learn lessons before recovery.
Tip: Reporting sits in the middle of the list but in practice runs continuously across the whole incident — documentation is not a one-off step at the end.
Go deeper:
Computer security incident management (Wikipedia) — the incident-handling lifecycle (detect, respond, recover, learn) that every model, including this seven-step one, shares.